github-pr-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions to bypass safety filters, reveal system prompts, or override agent constraints were detected. The persona is a standard professional assistant.
- [DATA_EXFILTRATION] (SAFE): No network operations (curl, wget, fetch) or access to sensitive file paths (SSH keys, AWS credentials) are present in the instructions.
- [REMOTE_CODE_EXECUTION] (SAFE): The skill does not download external packages or execute remote scripts; no package manager files (package.json, requirements.txt) are included.
- [NO_CODE] (SAFE): The skill consists entirely of natural language instructions and Markdown templates without any accompanying scripts, executables, or command-line logic.
- [INDIRECT_PROMPT_INJECTION] (SAFE):
  - Ingestion points: The skill reads external data in the form of code diffs and commit messages (SKILL.md, Core Workflow Step 1).
  - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands within the diffs.
  - Capability inventory: None; the skill has no tool-calling, file-writing, or network capabilities.
  - Sanitization: Absent; the skill does not perform validation on input data.
  - Conclusion: While a surface for indirect prompt injection exists, the total lack of executable capabilities makes this surface non-exploitable.