agent-github-pr-manager
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill defines pre and post hooks in SKILL.md that execute gh and git commands. While standard for its purpose, executing shell commands based on repository state is a sensitive operation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted user input and repository data without sanitization.
  - Ingestion points: The skill ingests data from branch names, PR titles, and PR bodies as seen in the usage examples in SKILL.md.
  - Boundary markers: No delimiters or ignore instructions are used to separate user data from instructions.
  - Capability inventory: The skill executes privileged gh CLI commands to create, review, and merge PRs.
  - Sanitization: There is no evidence of sanitization or escaping of shell metacharacters in processed strings.