Skills
skills/shipshitdev/library/merge-open-prs/Gen Agent Trust Hub

merge-open-prs

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell-based commands using git, gh, and jq to perform repository management tasks. These include fetching data, listing PRs, and merging code. All destructive or state-changing actions are protected by user confirmation checkpoints.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data from external GitHub pull requests.
  • Ingestion points: External data enters the context via gh pr list (PR titles/metadata) and gh pr diff (code content) as documented in SKILL.md.
  • Boundary markers: The instructions do not implement specific delimiters or 'ignore' directives to isolate the untrusted PR content from the agent's logic.
  • Capability inventory: The skill is authorized to use git, gh, and jq for shell command execution.
  • Sanitization: No explicit sanitization or filtering of the ingested pull request content is performed prior to the review process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:13 PM
Security Audit — agent-trust-hub — merge-open-prs