dev-rules
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub, creating a surface for indirect prompt injection.
- Ingestion points: Fetches comments using
gh api repos/{owner}/{repo}/issues/{num}/commentsandgh api repos/{owner}/{repo}/pulls/{num}/commentsin the PR Workflow section. - Boundary markers: There are no instructions to use delimiters or ignore embedded instructions within the comments being read.
- Capability inventory: The agent is authorized to modify code, perform Git operations (commit, push, rebase), and execute GitHub API calls.
- Sanitization: No validation or sanitization of the comment data is described before the agent acts upon it.
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI to interact with repository metadata.
- Evidence: Executes
gh apicalls to check merge readiness, fetch comments, and compare branch states. This is standard functional usage for PR management tasks.
Audit Metadata