pull-requests

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Behavioral Constraints: The skill includes a specific directive for automated or AI reviewers to ignore the 'What do you want reviewers to focus on?' section. This acts as a scope override that modifies how the agent evaluates PR content.
  • Command Execution: The skill utilizes the gh CLI tool to perform repository operations, such as creating pull requests and interacting with the GitHub API (REST and GraphQL) to manage comments and review threads. These operations are essential for the skill's intended PR management functionality.
  • Indirect Instruction Processing: The skill is designed to process PR review comments which may originate from external contributors. This creates a surface for indirect instructions:
      • Ingestion points: Review comments are retrieved using gh api and GraphQL queries as described in SKILL.md.
      • Boundary markers: No specific delimiters or warnings are used to distinguish external comment text from instructions.
      • Capability inventory: The skill allows the agent to modify code ('Implement. Make the agreed changes') and perform network operations via the GitHub API.
      • Sanitization: No validation or sanitization of comment content is performed before the agent incorporates it into its implementation plan.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 24, 2026, 03:25 AM
Security Audit — agent-trust-hub — pull-requests