agent-pr-manager
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool and shell-based hooks (pre and post) to perform Git operations, GitHub CLI tasks, and Node.js testing. These capabilities are consistent with the tool's intended purpose for software development.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from GitHub repositories and may trigger npm processes that communicate with external package registries during the test and build cycles.
- [PROMPT_INJECTION]: The skill processes external data from pull request titles, bodies, and file contents, forming an indirect prompt injection surface.
  1. Ingestion points: PR metadata and file changes are retrieved via the mcp__claude-flow__github_pr_manage and gh CLI tools.
  2. Boundary markers: No specific delimiters or safety instructions are defined to isolate untrusted PR data within the agent's context.
  3. Capability inventory: The skill has the ability to execute arbitrary shell commands via Bash and perform write operations to GitHub repositories.
  4. Sanitization: No sanitization or validation of the ingested content is documented.