stack-mode
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements legitimate developer workflow automation for handling stacked pull requests.
- [COMMAND_EXECUTION]: The skill instructions include shell scripts that utilize
gitandgh(GitHub CLI). These tools are used appropriately within the context of the skill's purpose to query repository state and PR metadata. - [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration. Network access is restricted to standard GitHub CLI operations directed at official repository metadata. No sensitive local files (like SSH keys or credentials) are accessed.
- [INDIRECT_PROMPT_INJECTION]: The skill features an attack surface for indirect injection as it parses data from PR bodies and comments to determine stack membership.
- Ingestion points: Reads content from
gh pr view --json bodyandgh pr view --json commentsinSKILL.md. - Boundary markers: None present in the parsing logic.
- Capability inventory: Execution of
ghandgitcommands based on parsed identifiers. - Sanitization: The skill employs a secure pattern by using
grep -oE '#[0-9]+'to extract only numeric PR identifiers. This strict regex validation prevents an attacker from injecting shell commands or prompt overrides via PR comments or body descriptions.
Audit Metadata