dev-rules

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub, creating a surface for indirect prompt injection.
  • Ingestion points: Fetches comments using gh api repos/{owner}/{repo}/issues/{num}/comments and gh api repos/{owner}/{repo}/pulls/{num}/comments in the PR Workflow section.
  • Boundary markers: There are no instructions to use delimiters or ignore embedded instructions within the comments being read.
  • Capability inventory: The agent is authorized to modify code, perform Git operations (commit, push, rebase), and execute GitHub API calls.
  • Sanitization: No validation or sanitization of the comment data is described before the agent acts upon it.
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI to interact with repository metadata.
  • Evidence: Executes gh api calls to check merge readiness, fetch comments, and compare branch states. This is standard functional usage for PR management tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 04:50 PM
Security Audit — agent-trust-hub — dev-rules