tend-pr-tick

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and process untrusted data from PR comments and CI failure logs, which could be used by an attacker to influence agent behavior.
  • Ingestion points: Untrusted data enters the agent context through the 'Read State' and 'CI Failure Triage' steps in the SKILL.md file, where PR comments and CI logs are fetched.
  • Boundary markers: The skill includes a 'Security' section that explicitly labels PR comments as untrusted input and provides instructions to ignore any embedded commands or scripts.
  • Capability inventory: The skill has the capability to modify the repository (push changes), update descriptions, post comments, and invoke other execution tools such as /do and /define.
  • Sanitization: The instructions require the agent to use its own judgment and evaluate fixes against the manifest rather than copy-pasting suggestions or executing code found in comments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 06:36 AM
Security Audit — agent-trust-hub — tend-pr-tick