iterate-pr
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by fetching and acting on PR feedback and CI logs. An attacker could provide malicious instructions in a PR comment that the agent might execute while attempting to address feedback. 1. Ingestion points: The skill uses
scripts/fetch_pr_feedback.pyandscripts/fetch_pr_checks.pyto pull data from GitHub. 2. Boundary markers: No markers are used to separate instructions from data. 3. Capability inventory: The agent has permissions to modify local files and push changes to the remote repository. 4. Sanitization: The skill does not perform any sanitization of the fetched external content. - [COMMAND_EXECUTION]: The skill executes local Python scripts using
uv runand various GitHub CLI (gh) commands to manage Pull Request workflows.
Audit Metadata