Skills
skills/github/gh-aw/github-pr-query/Gen Agent Trust Hub

github-pr-query

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI (gh) and jq to fetch and filter pull request data. The commands are constructed using variables that are properly handled within the bash script, following standard practices for CLI wrappers.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes untrusted data (pull request metadata) from external GitHub repositories.
  • Ingestion points: External data is ingested in query-prs.sh via the gh pr list command.
  • Boundary markers: The script does not implement specific delimiters or 'ignore' instructions to wrap the external data in its output.
  • Capability inventory: The skill possesses capabilities to read repository data via gh and process it locally using jq.
  • Sanitization: There is no sanitization of the content (like PR titles or labels) retrieved from GitHub before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 06:38 AM