ghwf7-pr
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from external sources.\n
- Ingestion points: The skill fetches user-controllable data (body and comments) from GitHub via
gh issue viewandgh pr viewin the 'Load Context' step.\n - Boundary markers: There are no boundary markers or 'ignore' instructions specified to prevent the agent from being influenced by instructions embedded within the fetched comments.\n
- Capability inventory: The agent has the capability to execute state-changing commands including
gh pr ready,gh pr edit,gh issue edit, andgh pr comment.\n - Sanitization: No sanitization, validation, or escaping logic is defined for the content retrieved from GitHub before it is processed or used in subsequent steps.\n- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) to automate Pull Request and Issue management.\n - Evidence: Processing steps involve executing
ghcommands to transition PR status, edit titles, and modify labels to match the workflow state.
Audit Metadata