Skills
skills/notque/claude-code-toolkit/pr-miner/Gen Agent Trust Hub

pr-miner

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/miner.py is programmed to read GitHub authentication tokens directly from a hardcoded sensitive path in the user's home directory (~/.github-token).
  • [COMMAND_EXECUTION]: The validation script scripts/validate.py uses the __import__() function for dynamic module loading to verify the presence of the github library at runtime.
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub PR comments, representing an indirect prompt injection surface.
  • Ingestion points: Fetches PR review comments from external repositories via the GitHub API in scripts/miner.py.
  • Boundary markers: Absent; the output JSON does not contain markers or instructions for downstream agents to isolate or ignore embedded content.
  • Capability inventory: The skill includes access to Bash, Write, Edit, and Task tools across its lifecycle.
  • Sanitization: No sanitization or filtering of external comment body text is performed during the extraction process.
  • [DATA_EXFILTRATION]: The skill performs automated extraction of repository data and PR history from GitHub and writes this information to local files, constituting a flow of potentially sensitive project metadata into the local environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 05:28 PM
Security Audit — agent-trust-hub — pr-miner