apply-dependency-prs

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Flagged capabilities: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses cmd.exe /c to run shell commands for package managers (bun install, npm install) and project validation tools (type-check, lint, test:run). These operations are necessary for managing project dependencies within a WSL/Windows development environment.
  • [EXTERNAL_DOWNLOADS]: Fetches PR metadata and diffs from GitHub via the gh CLI. This involves interacting with an external source of data as part of the primary workflow.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub PR titles and bodies, creating an indirect prompt injection surface.
      • Ingestion points: PR metadata and diffs fetched via gh pr view (Phase 1, Step 1).
      • Boundary markers: No explicit delimiters or warnings are used to isolate ingested PR content.
      • Capability inventory: File system write access, package installation (bun, npm), and execution of shell-based validation scripts.
      • Sanitization: No explicit sanitization is performed on the fetched text; the skill relies on the agent's ability to selectively extract version strings.
      • Mitigation: The risk is significantly reduced by the mandatory requirement for a human-reviewed plan in 'Phase 2: Planning', which must be approved before any changes are implemented.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 04:17 PM