Skills
skills/nexu-io/open-design/pr-feedback-quality-gate/Gen Agent Trust Hub

pr-feedback-quality-gate

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes repository-level validation via pnpm guard and performs Git operations such as git worktree, commit, and push. These commands are standard for a development-focused pull request management tool.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from pull request review comments and feedback.
  • Ingestion points: PR review comments, review state, and feedback text in SKILL.md.
  • Boundary markers: Absent. The instructions do not specify the use of delimiters (e.g., XML tags or backticks) to isolate external feedback from the agent's core instructions.
  • Capability inventory: The skill has access to shell command execution (pnpm guard, builds, tests) and repository modification (git commit/push).
  • Sanitization: The workflow provides mitigation by instructing the agent to treat feedback as 'evidence, not authority' and to explicitly reject or downgrade suggestions that conflict with safety or ownership boundaries.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 09:21 PM
Security Audit — agent-trust-hub — pr-feedback-quality-gate