Skills
skills/s-hiraoku/synapse-a2a/pr-guardian/Gen Agent Trust Hub

pr-guardian

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or privilege escalation attempts were detected.
  • [COMMAND_EXECUTION]: The skill uses a bash script (poll_pr_status.sh) to query PR state via the GitHub CLI (gh). The script is implemented securely, using set -euo pipefail and jq for parsing.
  • [EXTERNAL_DOWNLOADS]: All external interactions are restricted to the GitHub CLI querying GitHub services, which are well-known and trusted. There are no downloads of unverified scripts or execution of remote payloads.
  • [DATA_EXFILTRATION]: Data access is limited to PR status metrics. No unauthorized harvesting of credentials or sensitive local files was found.
  • [PROMPT_INJECTION]: The monitoring loop is driven by structured status data. The skill addresses potential indirect injection from external data by filtering for a specific authorized bot (coderabbitai[bot]) and parsing results into a schema before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 05:36 PM