Skills
skills/vercel/next.js/pr-status-triage/Gen Agent Trust Hub

pr-status-triage

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection: The skill processes external data derived from CI logs and GitHub pull request threads, creating a surface for potential instruction injection.\n
  • Ingestion points: The agent reads generated markdown files such as job-{id}.md and thread-{N}.md located in scripts/pr-status/.\n
  • Capability inventory: The skill provides the agent with access to shell commands including gh, node, pnpm, and cargo.\n
  • Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore embedded instructions within the processed files.\n
  • Sanitization: There is no evidence of filtering or sanitization performed on the content before it is read by the agent.\n- Command Execution: The skill automates development workflows by executing local repository scripts and command-line tools.\n
  • Evidence: The workflow involves running commands like node scripts/pr-status.js and gh run rerun <run-id> --failed.\n
  • Context: These operations are performed to reproduce CI failures and manage pull request threads, utilizing resources provided by the vendor.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 09:47 PM