pr-sweep
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external data in the form of GitHub PR review comments and local file content to automate triage decisions. This creates a surface for indirect prompt injection where malicious instructions in a comment could influence the agent's reasoning.
  - Ingestion points: Fetches PR comment bodies via `gh api graphql` and reads file contents using the `Read` tool as described in Step 2 and Step 3 of the workflow.
  - Boundary markers: There are no explicit delimiters or system instructions defined in the workflow to isolate the untrusted comment content from the agent's primary instructions.
  - Capability inventory: The agent can execute GraphQL mutations to reply to and resolve review threads, and use the `TaskCreate` tool to generate project tasks.
  - Sanitization: The skill does not perform any sanitization or validation of the fetched comment text before it is evaluated by the agent.
Audit Metadata