verification-before-merge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes the Bash tool to execute Git, GitHub CLI (gh), PNPM, and Docker-Compose commands. These operations are necessary for verification tasks like running tests and checking CI status, but they provide the agent with broad capabilities to modify the local environment and repository state.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface (Category 8) identified. The skill processes external, potentially attacker-controlled data.
- Ingestion points: Untrusted content is retrieved from GitHub issue bodies (
gh issue view [ISSUE_NUMBER] --json body) and pull request review threads (gh pr view [PR_NUMBER] --json reviews,reviewThreads) as specified inSKILL.md. - Boundary markers: Absent. The instructions do not define delimiters or provide specific warnings to the agent to disregard instructions embedded within the fetched data.
- Capability inventory: The agent has access to the
Bashtool for local command execution and themcp__github__*tools for merging pull requests and closing issues. - Sanitization: Absent. The skill does not perform any validation, escaping, or sanitization of the content retrieved from GitHub before processing it.
Audit Metadata