review-and-submit

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses gh pr merge --admin, which allows the agent to bypass repository branch protection rules (e.g., required reviews, passing CI status).
  • [COMMAND_EXECUTION]: The instructions explicitly direct the agent to merge code even if CI checks fail after one attempt: 'If still failing after one fix attempt, merge with --admin anyway.'
  • [PROMPT_INJECTION]: The skill contains explicit instructions to bypass user oversight and operate without confirmation: 'IMPORTANT: Execute this entire process autonomously without asking the user for confirmation at any step.' and 'DO NOT ask for user confirmation'.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists via sub-agents ('Review all code changes' and 'Fix review issues') that process untrusted data.
      • Ingestion points: The agents ingest data from git diff (code changes) and gh run view --log-failed (CI logs) in SKILL.md.
      • Boundary markers: Absent. The instructions use standard markdown blocks but do not include warnings for the agent to ignore instructions embedded in the ingested data.
      • Capability inventory: The agent has write access to the repository via git commit and git push, and administrative merge privileges via gh pr merge --admin.
      • Sanitization: No sanitization or validation is performed on the code diffs or log outputs before they are passed to the sub-agents.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 22, 2026, 10:02 PM