tend-pr
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of PR comments.
- Ingestion points: Comments are fetched from external PR platforms like GitHub.
- Boundary markers: No explicit delimiters or instructions are used to isolate untrusted comment content from the agent's core reasoning instructions.
- Capability inventory: The skill has the authority to modify source code (via manifest amendments or direct fixes) and manage PR states (merge, request review).
- Sanitization: The skill employs a classification decision tree to identify actionable items, providing a basic heuristic layer that does not act as a formal security boundary.
- [COMMAND_EXECUTION]: The skill performs git operations and platform-specific PR commands to automate the development workflow. While these are part of its intended functionality, they represent the capability to alter the project state based on its interpretation of untrusted external input.
Audit Metadata