check-pr
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted text from pull request descriptions and comments.
- Ingestion points: Data is ingested in SKILL.md through commands such as "gh pr view", "glab api", and "p4 describe" which retrieve user-generated text from the repository.
- Boundary markers: The instructions do not implement boundary markers or specific directives to ignore potentially malicious instructions embedded in the fetched PR content.
- Capability inventory: The skill has capabilities in SKILL.md to modify the repository via "git commit"/"git push" and "p4 edit"/"p4 shelve", and it can modify pull request states by resolving review threads through GraphQL and REST APIs.
- Sanitization: No sanitization or validation logic is present to filter external content before the agent evaluates it.
- [COMMAND_EXECUTION]: The skill uses standard version control and repository management CLI tools including git, gh (GitHub CLI), glab (GitLab CLI), and p4 (Perforce CLI). These tools are used for intended operations such as viewing PR status, fetching discussion threads, and committing addressed feedback.
Audit Metadata