babysit-pr
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh) to retrieve pull request status (CI, reviews, conflicts) and to perform the final merge action. It also interacts with a scheduling tool to manage background monitoring loops. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted data from GitHub pull requests. Ingestion points: Pull request title, body, and comments fetched via
gh pr view. Boundary markers: No explicit delimiters or instructions are used to distinguish PR data from the agent's instructions. Capability inventory: The skill can schedule recurring tasks and perform repository write operations (merging). Sanitization: No sanitization of the PR content is performed before evaluation. Mitigation: The risk is successfully mitigated by a critical requirement for explicit human confirmation before the final merge action is taken, preventing the agent from acting autonomously on potentially malicious instructions embedded in the PR content.
Audit Metadata