pr-workflow
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The scripts/coordinator-validate.py script and instructions in references/miner.md and references/mining-commands.md automate the retrieval of GitHub tokens from the macOS keychain using the 'security find-internet-password' command.
- [COMMAND_EXECUTION]: The skill performs shell command execution through Python's subprocess.run to manage Git workflows and access system passwords. It also uses dynamic module loading via import in scripts/validate.py.
- [DATA_EXFILTRATION]: The scripts/miner.py tool retrieves review data and code context from GitHub and stores it in consolidated local JSON files, creating a single point of exposure for harvested repository interactions.
- [PROMPT_INJECTION]: The PR mining and feedback processing workflows ingest untrusted data from GitHub PR comments into rules files, introducing a surface for indirect prompt injection.
- [EXTERNAL_DOWNLOADS]: The pipeline references external scripts located outside the skill directory such as classify-repo.py and requires installation of the PyGithub library.
Audit Metadata