fin
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git` and `gh` (GitHub CLI) commands to perform actions such as pushing code, monitoring checks, and merging pull requests.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources.
  • Ingestion points: Pull request information is ingested into the agent context via `gh pr view` and `gh pr list` in `SKILL.md`.
  • Boundary markers: The skill does not define clear boundaries or instructions for the agent to ignore potentially malicious commands embedded in PR titles or descriptions.
  • Capability inventory: The agent has capabilities to modify the repository, including pushing changes (`git push`) and performing squash-merges (`gh pr merge`).
  • Sanitization: No sanitization or validation of PR metadata is performed before the content is used to inform the agent's next actions.
Audit Metadata