merge-renovate-pull-requests

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and standard Git commands to manage pull requests and branches. It also executes pnpm install and build/test scripts to verify updates.
  • [EXTERNAL_DOWNLOADS]: The skill triggers downloads from the npm registry via pnpm install to update project dependencies.
  • [DATA_EXFILTRATION]: (Risk Factor) The skill is designed to ingest and process data from external sources, specifically pull request descriptions and changelogs. This presents a surface for indirect prompt injection where adversarial instructions in a dependency's changelog could attempt to influence the agent's actions.
    ◦ Ingestion points: Pull request descriptions and external changelogs linked in PRs.
    ◦ Boundary markers: None. The agent is instructed to read and follow documentation directly.
    ◦ Capability inventory: Subprocess execution via pnpm, git, and gh tools.
    ◦ Sanitization: None. The agent relies on its own context to interpret the external text.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 10:11 PM