skills/remix-run/remix/supersede-pr/Gen Agent Trust Hub

supersede-pr

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI (gh) and a local TypeScript script to manage pull requests. The implementation is secure because it passes command arguments to Node.js spawnSync as an array and does not set the shell: true option, so no shell interprets the arguments, which prevents shell injection vulnerabilities.
  • [DATA_EXPOSURE]: The script reads pull request metadata (state, URL) via the gh CLI to verify status before and after operations. No sensitive environment variables, credentials, or private files are accessed or exfiltrated.
  • [SAFE]: The skill includes robust input validation. The close_superseded_pr.ts script explicitly validates that pull request numbers are numeric using the regex /^[0-9]+$/ before passing them to any commands. This prevents malicious payloads from being injected via user-provided arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 05:19 PM