merge-pr
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill performs
source .local/prep.env, which interprets the file's content as shell commands. If an attacker can influence this file's content (e.g., via a malicious pull request step or compromised local environment), it could lead to arbitrary code execution. \n- COMMAND_EXECUTION (LOW): PR identifiers provided by the user are interpolated into shell commands (e.g.,scripts/pr-merge verify <PR>). This presents a potential command injection surface if the input is not strictly validated by the agent. \n- PROMPT_INJECTION (LOW): \n - Ingestion points: External pull request metadata and local configuration files such as
.local/review.json. \n - Boundary markers: No explicit delimiters or instructions are used to prevent the agent from being influenced by malicious instructions embedded in the PR data. \n
- Capability inventory: The skill possesses the ability to execute shell commands and alter repository states using local wrapper scripts. \n
- Sanitization: There is no mention of sanitization or validation routines for data ingested from the pull request.
Audit Metadata