github-pr-triage
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Dart script (
bin/triage.dart) and standard CLI tools (git,gh) to inspect the repository state and interact with the GitHub API. - [EXTERNAL_DOWNLOADS]: Fetches Pull Request metadata, unresolved review comments, and CI/CD logs from GitHub. These operations target a well-known service and are essential to the skill's primary function.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from GitHub PR comments and CI logs that could contain malicious instructions.
- Ingestion points: The
bin/triage.dartscript retrieves comment bodies and workflow logs (file:bin/triage.dart). - Boundary markers: Comments are wrapped in markdown blockquotes (
>) and logs are placed inside markdown code blocks (file:bin/triage.dart). - Capability inventory: The agent is authorized to modify files, run tests, and perform git operations (commit/push) after obtaining user approval (file:
SKILL.md). - Sanitization: Basic newline escaping is applied to comments to maintain markdown structure, but the content is not semantically sanitized.
Audit Metadata