renovate-triage
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) to perform repository search and pull request management tasks as part of its core functionality. - [COMMAND_EXECUTION]: It employs dynamic context injection (
!command) to fetch live PR data at load time viagh search prs. This use case is benign and limited to PRs authored by the well-known Renovate bot. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Untrusted PR metadata (titles, labels, repository names) enter the agent context via GitHub CLI commands. 2. Boundary markers: No explicit delimiters or instructions are used to distinguish external data from agent commands. 3. Capability inventory: The skill has the ability to modify pull requests (merge, close) via
gh prandgh api. 4. Sanitization: No sanitization or validation of the ingested metadata is performed before processing.
Audit Metadata