pr-cache-sync
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests PR review content from GitHub, which is an external untrusted source.
  - Ingestion points: The 'cache-sync.sh' script fetches PR data from GitHub API as described in the workflow.
  - Boundary markers: No specific delimiters or instructions to ignore embedded instructions within the PR content are defined in the skill instructions.
  - Capability inventory: The skill utilizes script execution tools ('get-pr-number.sh' and 'cache-sync.sh') to manage local cache files.
  - Sanitization: There is no evidence of sanitization or validation of the fetched PR content before it is processed or reported to the user.
Audit Metadata