dependabot-review

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted data.
    • Ingestion points: Untrusted data enters the agent context via gh pr view (PR titles/bodies), gh pr diff (source code changes), and WebFetch (external changelog files).
    • Boundary markers: The instructions lack explicit boundary markers or directions to ignore instructions that might be embedded within the PR content or changelogs.
    • Capability inventory: The skill utilizes Bash (to execute gh commands), WebFetch, Read, Grep, and Glob for repository analysis and reporting.
    • Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the model or posted back to GitHub as PR comments.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute gh (GitHub CLI) commands for essential operations such as viewing repo metadata, listing PRs, and posting review comments. These operations are limited to the scope of PR management and do not involve system-level privileges or unsafe shell patterns.
  • [EXTERNAL_DOWNLOADS]: The skill fetches changelog and release information from well-known services, including RubyGems.org and GitHub's official release pages. These downloads are performed to gather context for the dependency review and originate from trusted domains.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 11:10 AM