babysit-pr

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to retrieve pull request status (CI, reviews, conflicts) and to perform the final merge action. It also interacts with a scheduling tool to manage background monitoring loops.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted data from GitHub pull requests. Ingestion points: Pull request title, body, and comments fetched via gh pr view. Boundary markers: No explicit delimiters or instructions are used to distinguish PR data from the agent's instructions. Capability inventory: The skill can schedule recurring tasks and perform repository write operations (merging). Sanitization: No sanitization of the PR content is performed before evaluation. Mitigation: The risk is successfully mitigated by a critical requirement for explicit human confirmation before the final merge action is taken, preventing the agent from acting autonomously on potentially malicious instructions embedded in the PR content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 09:24 AM
Security Audit — agent-trust-hub — babysit-pr