skills/sylla-bv/sylla-skills/pr-sweep/Gen Agent Trust Hub

pr-sweep

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Risk of indirect prompt injection through GitHub PR review comments.
      • Ingestion points: PR review comments are fetched via the gh api graphql command in Step 2 of the workflow.
      • Boundary markers: The workflow lacks explicit delimiters or instructions for the agent to ignore commands that may be embedded within the comment bodies.
      • Capability inventory: The agent has access to powerful tools including Bash (via gh and git), Read, and TaskCreate.
      • Sanitization: No sanitization or escaping of the fetched comment content is performed before it is used to analyze code or generate replies.
  • [COMMAND_EXECUTION]: Risk of shell command injection through unescaped data interpolation.
      • The skill executes shell commands like gh api and git diff using variables such as path, baseRefName, and REPLY_BODY. If these variables are not properly escaped by the agent when constructing the shell command strings, it could lead to arbitrary command execution in the shell environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 04:38 PM