prepare-security-prs

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute local build and testing tools (e.g., updating lockfiles and running test suites) as part of the PR validation workflow. This inherently involves executing code or scripts defined within the target repository.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it ingests untrusted data from GitHub pull requests to make classification decisions.
  • Ingestion points: The skill reads PR titles, labels, author names, and file contents (manifests/lockfiles) using gh pr list and other GitHub CLI commands.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when processing PR data.
  • Capability inventory: The skill possesses the capability to modify repository state via git push (including force-pushes with lease) and execute arbitrary local commands during the 'Validation strategy' phase ('run tests').
  • Sanitization: There is no evidence of sanitization or validation of the PR metadata before it is used to classify the PR state or determine actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 09:06 PM