pr-learning

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including 'gh' and 'git' to interact with pull request data and repository history. It also uses 'cp' for creating backups of documentation files prior to updates.
  • [PROMPT_INJECTION]: The skill fetches and analyzes PR descriptions and comments, which are external, untrusted sources. This creates a surface for indirect prompt injection where malicious instructions embedded in a PR could attempt to influence the agent's analysis or extraction process.
    • Ingestion points: Data is ingested via 'gh pr view' and 'gh api' calls in Step 2 to gather reviews and comments.
    • Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore potential commands within the fetched PR content.
    • Capability inventory: The agent has permissions to execute shell commands ('gh', 'git', 'cp') and write to local files.
    • Sanitization: The workflow does not specify any sanitization or validation steps for the content retrieved from GitHub before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 06:41 PM