pr-takeover

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and acts on pull request review comments without isolation or sanitization.
      • Ingestion points: Review thread bodies are fetched using the GitHub API in SKILL.md (Step 1) and references/github-commands.md.
      • Capability inventory: The agent is authorized to perform git push, gh pr merge, and various GitHub API mutations (such as resolving threads or dismissing reviews) based on the input from these comments.
      • Boundary markers: The instructions lack delimiters or warnings to treat review comments strictly as data rather than instructions.
      • Sanitization: No evidence of validation or filtering for comment content is provided.
  • [EXTERNAL_DOWNLOADS]: The skill references remote markdown files for additional instructions and documentation from the author's GitHub repository (nexu-io/looper). While these are vendor resources, they provide a remote update path for the agent's operating instructions.
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh), git, and an optional background daemon (looper) to automate pull request workflows and repository management.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 05:40 PM