skills/holon-run/holon/github-pr-fix/Gen Agent Trust Hub

github-pr-fix

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands for build verification and testing. It also utilizes the GitHub CLI (gh) for repository management and git for pushing code changes to the active PR branch.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted content from GitHub PR comments and review threads.
      • Ingestion points: PR metadata, file content, issue comments, and review threads are fetched via gh pr view and gh api (documented in SKILL.md and references/pr-fix-workflow.md).
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between untrusted PR comments and system instructions.
      • Capability inventory: The skill has the ability to perform git push, post comments via gh api, and run arbitrary "verification commands" (e.g., tests/builds) in the local environment.
      • Sanitization: No sanitization or validation of the fetched PR content is specified before the agent processes the information.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 05:11 PM