skills/github/gh-aw/pr-finisher/Gen Agent Trust Hub

pr-finisher

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted external data.
      • Ingestion points: The skill reads PR reviews, threads, comments, and failed CI logs using commands like gh pr view and gh run view (Workflow steps 1, 2, and 4).
      • Boundary markers: There are no explicit instructions or delimiters used to isolate this untrusted data from the agent's core instructions.
      • Capability inventory: The agent has the authority to execute arbitrary make targets (fmt, lint, test, recompile), modify files, and push commits to the repository.
      • Sanitization: The instructions do not specify any validation or sanitization of the content retrieved from GitHub before it is processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 05:54 AM