fluid-pr
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Command Execution: The skill executes standard `git` and `gh` (GitHub CLI) commands. These are used to verify repository state, push code branches, and create pull requests. This is consistent with the skill's intended purpose of automating PR workflows.
- External Resource Integration: The skill dynamically loads an additional resource, `fluid-pr-guide`, to retrieve naming conventions and pull request templates. This helps ensure that the generated content aligns with the Fluid Framework's specific guidelines.
- User Confirmation Controls: A mandatory `AskUserQuestion` step is implemented, ensuring the agent does not push code or create a pull request without explicit user approval. This human-in-the-loop mechanism provides significant protection against unintended or automated actions.
- Repository Guardrails: The skill includes logic to prevent direct pushes to the main `microsoft/FluidFramework` repository, instead guiding the user toward a fork-and-PR model. It also restricts actions on protected branches like `main` or release branches.
Audit Metadata