task-to-pr

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates a workflow that ingests data from external sources, creating an entry point for indirect prompt injection.
  • Ingestion points: Processes ticket descriptions, acceptance criteria, and PR rules from external trackers (Step 1), and handles feedback from reviewers or automated bots (Step 8).
  • Boundary markers: The skill does not explicitly instruct the agent to use delimiters or ignore instructions embedded within the ticket or feedback content.
  • Capability inventory: The agent has the authority to write code, execute local test suites (Step 4), and interact with remote repositories (pushing branches and creating PRs).
  • Sanitization: The instructions lack specific requirements for validating or sanitizing input from the ticket reference or feedback loop before it influences agent behavior.
  • [COMMAND_EXECUTION]: The skill instructions require the agent to 'Run focused checks' (Step 4). While this is a standard developer activity for verifying code changes through test runners or linters, it involves the execution of shell commands based on the project environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 02:26 PM
Security Audit — agent-trust-hub — task-to-pr