pr-monitoring-loop

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The utility scripts/check-pr-state.py performs several calls to git and gh (GitHub CLI) using subprocess.run(). These calls are implemented securely by passing arguments as an array and avoiding the use of shell=True, which prevents command injection vulnerabilities.
  • [DATA_EXFILTRATION]: The skill fetches pull request metadata and status information from GitHub. This activity is performed through the official GitHub CLI and targets a well-known service. There is no evidence of sensitive local file access or transmission of data to unauthorized external domains.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, specifically pull request comments and review bodies, to identify actionable items. While this represents an indirect prompt injection surface, the skill is designed to handle this content as data inputs for a structured monitoring protocol rather than as direct instructions for the agent.
  • Ingestion points: Pull request comments, review comments, and thread comments fetched in scripts/check-pr-state.py via the GitHub API.
  • Boundary markers: Data is returned to the agent in a structured JSON format and presented within a dedicated watcher prompt context.
  • Capability inventory: The agent is authorized to perform standard repository maintenance tasks, including git commit, git push, and replying to or resolving review threads via gh api.
  • Sanitization: The script collects raw text data from GitHub as part of the PR state summary, which the agent then evaluates according to the defined PR monitoring logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:37 AM
Security Audit — agent-trust-hub — pr-monitoring-loop