drive-pr-walkthrough
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and interprets untrusted text from external sources to generate narrative summaries.
- Ingestion points: The skill reads external data via
git log,git diff, andgh pr view(SKILL.md). - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potential instructions embedded within commit messages or PR bodies.
- Capability inventory: The agent has the capability to execute shell commands (
git,gh) and perform file system writes (SKILL.md). - Sanitization: No evidence of sanitization or filtering of the ingested data is present.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands to gather necessary context from the repository.
- Evidence: It explicitly instructs the agent to use
git log,git diff, andgh pr viewto extract information for the walkthrough (SKILL.md).
Audit Metadata