prs
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- Data Protection Measures: The skill includes mandatory instructions to avoid staging internal management files (e.g., `pr-description.md`, `lessons-learned.md`, and the `history/` directory). This is a positive security practice that prevents the accidental exposure of internal bot state or metadata during the PR creation process.
- Indirect Prompt Injection Surface: The skill is designed to respond to external inputs, such as maintainer comments and CI failure logs (via `gh run view`). While this introduces a surface for indirect prompt injection, the skill's capabilities are appropriately scoped to Git and GitHub management tasks.
- Command Execution Context: The skill utilizes standard development tools like `git` and the GitHub CLI (`gh`). These operations are consistent with the skill's stated purpose of managing the PR lifecycle and do not include signs of unauthorized command execution or privilege escalation.
Audit Metadata