security-audit
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses dynamic context injection to execute shell commands (`git rev-parse`, `git diff`, `git log`, `gh pr view`) to gather repository state at load time.
- [PROMPT_INJECTION]: The skill ingests untrusted pull request metadata which introduces an indirect prompt injection surface.
  - Ingestion points: Pull request title, body, and comments are fetched via `gh pr view` and injected into the orientation context in `SKILL.md`.
  - Boundary markers: Absent; metadata is interpolated directly into the instructions as bullet points without delimiters.
  - Capability inventory: The skill dispatches a separate `security-auditor` agent that performs vulnerability audits on the branch code.
  - Sanitization: No validation or sanitization is performed on the external PR content before injection.
Audit Metadata