complete-partial-pr
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its integration with external data. 1. Ingestion points: Untrusted data enters the agent context via 'gh pr view' (PR bodies and comments) and 'WebFetch' (technical documentation and protocol specs). 2. Boundary markers: The instructions do not define delimiters or warnings to ignore embedded instructions in the fetched data. 3. Capability inventory: The skill allows the agent to 'Write' and 'Edit' files, and execute shell commands ('Bash'), including Git operations and test execution. 4. Sanitization: There is no mention of sanitizing or validating the retrieved external content before it influences code changes.\n- [COMMAND_EXECUTION]: The skill utilizes shell commands to manage development workflows, including 'git' for branch management and 'gh' for GitHub interaction. It specifically executes 'uv run pytest' and 'uv run pyright' to validate code against the project's test suite and type system.\n- [EXTERNAL_DOWNLOADS]: The skill is instructed to use 'WebFetch' to retrieve integration contracts, API schemas, and protocol references from primary technical documentation sources to verify implementation correctness.
Audit Metadata