nemoclaw-maintainer-pr-comparator

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (GitHub issue comments and PR descriptions) to perform automated evaluations and generate merge recommendations. Maliciously crafted content in these fields could attempt to manipulate the agent's scoring or verdict.
    • Ingestion points: SKILL.md (Step 1 retrieves issue body and all comments), scripts/parse-supersession.sh (retrieves PR body content).
    • Boundary markers: Absent. The instructions do not specify explicit delimiters or 'ignore' instructions for the LLM when processing the ingested GitHub content.
    • Capability inventory: Employs gh CLI for read-only operations (view, search, list).
    • Sanitization: Uses jq for JSON parsing and restrictive regular expressions for file path extraction in scripts/find-candidates.sh.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 05:27 AM