pr-watch
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing shell commands through
gh(GitHub CLI) andgit. It performs operations such as viewing PR status, fetching check details, listing and viewing workflow runs, and merging branches. - [PROMPT_INJECTION]:
- Ingestion points: The skill ingests raw failure logs from CI environments via the
gh run view --log-failedcommand inSKILL.md. - Boundary markers: Absent. The log content is processed directly to identify failure classes and strategies.
- Capability inventory: The skill has the ability to modify source code, commit changes, push to remote branches, and merge PRs.
- Sanitization: None. The skill relies on the agent's internal logic to interpret the logs and derive fixes.
- Analysis: This represents an indirect prompt injection surface where a malicious PR could produce logs designed to influence the agent's code generation. However, because this behavior is central to the skill's primary purpose and the agent requires user confirmation before merging, the risk is considered low and acceptable for its intended use case.
Audit Metadata