nemoclaw-maintainer-pr-comparator
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (GitHub issue comments and PR descriptions) to perform automated evaluations and generate merge recommendations. Maliciously crafted content in these fields could attempt to manipulate the agent's scoring or verdict.
- Ingestion points:
SKILL.md(Step 1 retrieves issue body and all comments),scripts/parse-supersession.sh(retrieves PR body content). - Boundary markers: Absent. The instructions do not specify explicit delimiters or 'ignore' instructions for the LLM when processing the ingested GitHub content.
- Capability inventory: Employs
ghCLI for read-only operations (view, search, list). - Sanitization: Uses
jqfor JSON parsing and restrictive regular expressions for file path extraction inscripts/find-candidates.sh.
Audit Metadata