deployless-ai-pr-governance
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code, obfuscation, or dangerous command execution patterns were found. The skill is entirely composed of process guidelines and documentation templates.
- [PROMPT_INJECTION]: The skill interacts with untrusted data by instructing the agent to read pull request bodies, external bot/agent instructions, and PR templates. While this defines an indirect prompt injection surface, the skill implements mitigations by requiring human review gates, explicit triage labels, and strict validation rules for AI-generated content.
  - (1) Ingestion points: Pull request bodies, bot accounts, PR templates, and instructions in SKILL.md.
  - (2) Boundary markers: Absent.
  - (3) Capability inventory: File-write for PR templates, documentation, and labels.
  - (4) Sanitization: None explicitly specified for external content.