Skills
skills/shipshitdev/skills/merge-open-prs/Gen Agent Trust Hub

merge-open-prs

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from GitHub pull requests.
  • Ingestion points: Pull request titles, branch names, and code diffs are retrieved using gh pr list and gh pr diff in SKILL.md (Phases 1 and 2).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when presenting PR data to the agent or the code-review skill.
  • Capability inventory: The skill can perform merges and delete remote branches via the gh tool in Phase 4.
  • Sanitization: No validation or escaping of the retrieved pull request data is performed before it is used to drive the workflow.
  • [COMMAND_EXECUTION]: The skill executes shell commands via git and gh to modify repository state. Although these actions are gated by a mandatory user confirmation in Phase 3, the arguments for these commands are derived from external pull request metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 08:08 PM
Security Audit — agent-trust-hub — merge-open-prs