beaver-pr
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard command-line tools (git and gh) to automate local repository management and GitHub interactions. This is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  * Ingestion points: Processes untrusted data from git status, git diff, git log, and user-provided issue identifiers in SKILL.md.
  * Boundary markers: No explicit delimiters are used to separate repository data from task instructions.
  * Capability inventory: Performs subprocess calls to git and gh in SKILL.md.
  * Sanitization: No explicit sanitization of ingested data is performed before interpolation into the PR body.
Audit Metadata