Skills
skills/sd0xdev/sd0x-dev-flow/pr-summary/Gen Agent Trust Hub

pr-summary

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script uses the gh CLI to fetch PR data. This is an expected and safe operation given the skill's purpose.
  • [DATA_EXPOSURE]: PR data is fetched from GitHub and stored in a temporary Markdown file (/tmp/pr-summary.md). No sensitive user credentials or system files are accessed.
  • [PROMPT_INJECTION]: The skill processes external data, creating a potential surface for indirect prompt injection.
  • Ingestion points: PR titles and branch names are fetched in scripts/pr-summary.sh via the gh CLI.
  • Boundary markers: The output is structured into Markdown headers and blockquotes to separate PR content.
  • Capability inventory: Limited to gh (read-only PR list), bash (script execution), and cat (reading the temporary file).
  • Sanitization: PR metadata is handled as structured JSON data by jq before being formatted into Markdown, preventing direct shell injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 06:41 AM