Skills
skills/harness/harness-skills/manage-pull-requests/Gen Agent Trust Hub

manage-pull-requests

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from pull request activity and descriptions.
  • Ingestion points: The agent fetches data from pull request resources via harness_get and discussion timelines (comments) via harness_list with resource_type: "pr_activity".
  • Boundary markers: The instructions do not define clear delimiters or include warnings to ignore instructions embedded within the processed PR content.
  • Capability inventory: The agent has significant capabilities including merging pull requests (harness_execute), deleting comments (harness_delete), and updating PR states (harness_update).
  • Sanitization: No sanitization or validation logic is present to filter malicious instructions from the ingested PR data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 12:57 AM
Security Audit — agent-trust-hub — manage-pull-requests