supersede-pr
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the GitHub CLI (
gh) via a bundled TypeScript script to automate PR closure. The script usesspawnSyncwith argument arrays and does not enable shell execution, which is a secure method for calling external binaries. - [SAFE]: The skill implements robust input validation. PR numbers are verified using a numeric-only regex (
/^[0-9]+$/) before being passed as arguments, mitigating the risk of command injection through user-provided PR IDs. - [DATA_EXPOSURE]: No hardcoded credentials, sensitive file access, or unauthorized network operations were detected. The skill's operations are confined to standard GitHub PR management via the authenticated
ghCLI. - [SAFE]: The execution logic is transparent and matches the stated purpose of the skill. No obfuscation, persistence mechanisms, or privilege escalation attempts were found.
Audit Metadata