pr-guardian

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script scripts/poll_pr_status.sh to retrieve the current state of a GitHub Pull Request. This script uses the gh CLI to interact with the GitHub API.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its automated processing of untrusted external data.
      ◦ Ingestion points: The scripts/poll_pr_status.sh script ingests CI check names and PR comment bodies (specifically targeting CodeRabbit bot comments) using gh pr checks and gh api respectively.
      ◦ Boundary markers: The instructions lack explicit boundary markers or delimiters to isolate the ingested external text from the agent's internal instructions.
      ◦ Capability inventory: The skill possesses significant capabilities, as it is designed to autonomously invoke other skills like /fix-ci and /fix-review which modify the codebase and push changes back to the repository.
      ◦ Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from GitHub comments or CI check results before they influence the agent's decision-making loop.
  • [AUTONOMOUS_BEHAVIOR]: The skill is designed to operate with high autonomy, looping until CI passes and proactively triggering itself via PostToolUse hooks without direct user confirmation for each iteration.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 03:28 PM