merge-pr
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands using git and gh (GitHub CLI) to manage worktrees, fetch repository data, and merge pull requests. These operations are limited to the specified repository directory and standard CLI usage.
- [PROMPT_INJECTION]: An indirect prompt injection surface was identified where the skill reads and displays the content of locally stored review and preparation artifacts.
  - Ingestion points: Reads files from the .local/ directory (e.g., review.md, prep.md) which may contain data derived from external pull request content.
  - Boundary markers: No explicit delimiters are used to separate the artifact content from the agent's instructions.
  - Capability inventory: The skill allows the agent to perform sensitive repository operations, including code merging.
  - Sanitization: Content from the files is printed directly to the agent's context without sanitization, though it is primarily used for status verification.
Audit Metadata