Skills
skills/espennilsen/pi/pr-monitor/Gen Agent Trust Hub

pr-monitor

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a bash script to iterate through the local ~/Dev directory and execute commands to extract repository information.
  • Evidence:
  • Shell loop in SKILL.md (Step 1) using git remote get-url, gh pr list, jq, sed, and grep to parse local configuration and GitHub data.
  • [DATA_EXFILTRATION]: The skill extracts information about pull requests (titles, authors, branch names) and transmits it to an external service for messaging.
  • Evidence:
  • Step 6 in SKILL.md uses a2a_send to relay PR details to Aivena/Telegram for user notification.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes PR titles and branch names authored by external parties.
  • Evidence Chain:
  • Ingestion points: Output from the gh pr list command in SKILL.md (Step 1).
  • Boundary markers: Absent; the external data is interpolated directly into report tables and alert messages.
  • Capability inventory: Execution of shell commands (bash, git, gh, jq) within the environment.
  • Sanitization: None; PR titles and branches are processed as raw strings.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 02:13 PM