fetch-pr-feedback

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub PR comments and passes it to another skill (beagle-core:receive-feedback) for evaluation, creating an Indirect Prompt Injection surface.
      • Ingestion points: Untrusted data enters via gh api calls fetching issue and review comments in SKILL.md.
      • Boundary markers: The skill organizes content into Markdown sections but does not use explicit delimiters or "ignore instructions" wrappers to protect the agent from instructions embedded in the comments.
      • Capability inventory: The skill possesses the capability to execute shell commands (gh, jq, cat) and delegate tasks to secondary skills via the Skill tool.
      • Sanitization: The skill uses jq regex (gsub) to remove known bot metadata and HTML comments and truncates bodies to 4000 characters, but it does not perform semantic validation or instruction filtering on the remaining text.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the GitHub CLI and JSON processing tools to automate data retrieval and formatting.
      • Evidence: Executes gh pr view, gh repo view, gh api, and jq with dynamically created filter files stored in /tmp/.
      • Evidence: Uses shell heredocs (<< 'JQEOF') to write complex logic to temporary files before execution, which is a standard method for managing multi-line script inputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 03:32 AM