pr-summary
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (the
!commandsyntax) in SKILL.md to execute local GitHub CLI commands (gh pr diff,gh pr view,gh pr status) and the systemdatecommand at load time. These operations are used to gather context for the pull request summary and are consistent with the skill's primary function. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data from pull request diffs and comments.
- Ingestion points: Untrusted data is retrieved from GitHub through the output of the
ghcommands in SKILL.md. - Boundary markers: The skill does not define clear boundary markers or provide explicit instructions to the agent to treat the retrieved content as untrusted data.
- Capability inventory: The skill focuses on analysis and summarization; it does not request high-risk capabilities like file system writes or unauthorized network access in conjunction with this data.
- Sanitization: No sanitization or filtering is performed on the data fetched from the pull request before it is passed to the model for analysis.
Audit Metadata