verification-before-merge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection through data ingestion points from GitHub.
  - Ingestion points: The agent reads the issue body (gh issue view --json body), PR reviews (gh pr view --json reviews), and review threads (gh pr view --json reviewThreads).
  - Boundary markers: There are no explicit instructions or delimiters telling the agent to treat the issue body or PR comments as untrusted data rather than instructions.
  - Capability inventory: The skill possesses high-impact capabilities including pushing code (git push --force-with-lease), merging PRs (gh pr merge), and executing project-defined scripts (pnpm test).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from GitHub.
- [Command Execution] (SAFE): The skill executes several shell commands using standard tools (git, gh, pnpm, docker-compose).
  - These are necessary for the skill's primary purpose of PR verification and merging.
  - The use of git push --force-with-lease is a high-impact operation but is appropriate within the context of the rebase-based workflow described in the skill.
Audit Metadata