skills/paulund/ai/dev-pr/Gen Agent Trust Hub

dev-pr

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using git and the GitHub CLI (gh) to manage branches, view pull request details, and post replies to comments. It also dynamically adapts to project-specific quality gate commands such as pnpm lint or npm test based on the project's configuration files (e.g., package.json, composer.json).
  • [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub PR comments and CI failure logs. This exposes an indirect prompt injection surface where a malicious actor could include instructions in a PR comment or CI log to influence the agent's actions during the feedback resolution phase.
      • Ingestion points: PR comments are fetched from the GitHub API and CI logs are retrieved via the gh run view command as described in SKILL.md.
      • Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the fetched external content.
      • Capability inventory: The agent has permissions to edit local source code, create commits, and push changes to remote repositories.
      • Sanitization: There is no evidence of sanitization, validation, or filtering of the comment body or log content before the agent processes and actions it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 04:15 PM