renovate-triage

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to perform repository search and pull request management tasks as part of its core functionality.
  • [COMMAND_EXECUTION]: It employs dynamic context injection (!command) to fetch live PR data at load time via gh search prs. This use case is benign and limited to PRs authored by the well-known Renovate bot.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Untrusted PR metadata (titles, labels, repository names) enter the agent context via GitHub CLI commands. 2. Boundary markers: No explicit delimiters or instructions are used to distinguish external data from agent commands. 3. Capability inventory: The skill has the ability to modify pull requests (merge, close) via gh pr and gh api. 4. Sanitization: No sanitization or validation of the ingested metadata is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 04:50 PM
Security Audit — agent-trust-hub — renovate-triage