tag-duplicate-prs-issues
Fail
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing software by piping remote shell scripts directly into the bash interpreter from an untrusted source (github.com/dutifuldev). This pattern allows the external source to execute arbitrary code on the user's system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted data from GitHub.
- Ingestion points: Pull request and issue titles, bodies, and comments are fetched via the ghr pr view and ghr search commands.
- Boundary markers: There are no protective delimiters or instructions for the agent to ignore potentially malicious commands embedded in the retrieved content.
- Capability inventory: The skill utilizes ghr, prtags, and uvx, which provide the agent with capabilities to read/write files and interact with the GitHub API.
- Sanitization: No sanitization or validation is performed on the data retrieved from GitHub before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill fetches and executes the pr-search-cli tool using uvx without pinning a specific version or performing integrity checks.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh, https://raw.githubusercontent.com/dutifuldev/ghreplica/main/scripts/install-ghr.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata