github-pr-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill automates the installation of the GitHub CLI (gh) using winget or scoop if it is missing. * Evidence: Found 'winget install --id GitHub.cli --silent' and 'scoop install gh' in OPTIMIZE_SUMMARY.md. * Reasoning: Per [TRUST-SCOPE-RULE], official tools from trusted entities installed via standard package managers are considered low risk.
- Indirect Prompt Injection (LOW): The skill uses output from local git logs to populate PR metadata, which could ingest untrusted content from commit history. * Ingestion point: 'git log -1' used for PR titles and messages in SKILL.md. * Boundary markers: Not identified in command construction. * Capability inventory: 'gh pr create' and 'gh pr merge' capabilities. * Sanitization: Not explicitly documented in the command snippets.
- Command Execution (LOW): The skill executes local PowerShell scripts and official GitHub CLI commands. * Evidence: Descriptions in SKILL.md and README.md detail the execution of Invoke-GitHubPRWorkflow.ps1. * Reasoning: This behavior is consistent with the primary purpose of the skill and intended for administrative developer tasks.
Audit Metadata