drive-pr-walkthrough

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and interprets untrusted text from external sources to generate narrative summaries.
  • Ingestion points: The skill reads external data via git log, git diff, and gh pr view (SKILL.md).
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potential instructions embedded within commit messages or PR bodies.
  • Capability inventory: The agent has the capability to execute shell commands (git, gh) and perform file system writes (SKILL.md).
  • Sanitization: No evidence of sanitization or filtering of the ingested data is present.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands to gather necessary context from the repository.
  • Evidence: It explicitly instructs the agent to use git log, git diff, and gh pr view to extract information for the walkthrough (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 05:56 AM
Security Audit — agent-trust-hub — drive-pr-walkthrough