skills/vkehfdl1/marshroom/validate-pr/Gen Agent Trust Hub

validate-pr

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands git branch --show-current and gh pr view --json title,body,headRefName to retrieve the current development state.
  • [DATA_EXPOSURE]: The skill accesses ~/.config/marshroom/state.json. This local configuration file contains state information specific to the tool's operation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from the GitHub PR body and branch names (retrieved via gh pr view) and processes this content to validate conventions.
      • Ingestion points: Data enters the agent context via the gh pr view command and by reading ~/.config/marshroom/state.json.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing the PR body or JSON fields.
      • Capability inventory: The agent has the capability to run subprocesses (git, gh) and read files.
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the Pull Request before it is analyzed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 09:47 PM