fix-renovate-pr

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to reproduce CI failures, such as npm ci or the exact commands found in CI logs. This is a necessary capability for the skill's primary function of verifying dependency fixes.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data from GitHub PRs and CI logs to determine its actions.
    • Ingestion points: Untrusted data enters the agent context through PR bodies, comments, discussion history, and failing CI job logs (referenced in SKILL.md steps 2 and 3).
    • Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the ingested GitHub or CI data.
    • Capability inventory: The skill has the capability to write to the local filesystem (applying code/lockfile fixes), execute shell commands (reproduction steps), and interact with the GitHub API via MCP tools (posting comments).
    • Sanitization: No explicit sanitization or validation of external text is performed, although the 'Quality Criteria' section includes an instruction to ensure no secrets or PII are exposed from logs.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:24 AM