skills/paulund/ai/learn-pr-learnt/Gen Agent Trust Hub

learn-pr-learnt

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub PR reviews and saves it into the agent's instructional files, creating a vulnerability to indirect prompt injection.
      • Ingestion points: The skill ingests PR comments, review bodies, and discussion threads using gh api calls in SKILL.md.
      • Boundary markers: Absent. The instructions do not specify boundary markers or include warnings to ignore instructions embedded in the comments.
      • Capability inventory: The agent can write extracted data to project-specific files (MEMORY.md, AGENTS.md) and global configuration files (~/.agents/skills/).
      • Sanitization: Absent. No logic is provided to sanitize or validate the content before it is stored as a persistent instruction.
  • [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (gh) to search pull requests and fetch API data, and uses the date utility to calculate time ranges.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 04:14 PM