Skills
skills/thoughtbot/dependabot-review-thoughtbot/dependabot-review/Gen Agent Trust Hub

dependabot-review

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources without using boundary markers or sanitization. This could allow an attacker to influence the agent's analysis by embedding malicious instructions in PR titles, descriptions, or external changelogs.\n
  • Ingestion points: Pull request metadata (title, body) and diffs fetched via gh pr view and gh pr diff in SKILL.md. External changelog files fetched from source repositories and RubyGems.org in Step 2.\n
  • Boundary markers: The instructions do not define specific delimiters or "ignore embedded instructions" warnings when interpolating fetched data into the prompt for analysis.\n
  • Capability inventory: The skill has write access to the repository via gh pr comment and provides critical merge recommendations that guide human operators.\n
  • Sanitization: There is no explicit sanitization or filtering of the fetched content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 06:50 AM