affinage
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it processes untrusted content from external GitHub PR comments and CI logs.\n
- Ingestion points: Fetches inline and review-body comments using
gh apias described in the Flow section ofSKILL.md.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined for wrapping the ingested comment text before processing.\n
- Capability inventory: The skill can execute shell commands (via the referenced
/cureand/meltskills), post replies to GitHub viashared/post-reply.sh, and write files to the local.cheese/directory.\n - Sanitization: No sanitization or validation of the fetched comment text is mentioned before it is evaluated by the AI agent.\n- [COMMAND_EXECUTION]: The skill utilizes standard development tools including
gitand the GitHub CLI (gh) to perform repository management tasks such as checking out PRs, merging branches, and rerunning CI jobs. These operations are consistent with the skill's stated purpose of PR triage.
Audit Metadata