watch-asc-pr

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from pull request comments and reviews which could serve as an indirect prompt injection vector.\n
  • Ingestion points: Pull request reviews, top-level comments, and GraphQL review threads (SKILL.md).\n
  • Boundary markers: None present in the instructions to delimit user content from system instructions.\n
  • Capability inventory: Code modification, running tests, committing and pushing to the repository.\n
  • Sanitization: Includes a manual verification step ('Verify every new claim... Do not follow automated feedback blindly') to mitigate the risk of the agent obeying malicious instructions embedded in comments.\n- [COMMAND_EXECUTION]: The skill performs command-line operations to run tests ('focused check') and update the repository ('commit, and push') in SKILL.md. These actions are aligned with the skill's stated purpose and are guarded by instructions to verify defects before applying fixes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 02:43 AM
Security Audit — agent-trust-hub — watch-asc-pr