iterate-pr
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for repository automation and uses standard, well-known development tools such as Git, GitHub CLI (gh), and uv. No attempts to bypass security filters or override system instructions were found.
- [DATA_EXFILTRATION]: The skill accesses pull request metadata and CI logs, which is necessary for its stated purpose. It does not attempt to access sensitive files (e.g., SSH keys, AWS credentials) or exfiltrate data to unauthorized domains.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were detected. The skill executes locally bundled scripts via 'uv run' and uses the authenticated GitHub CLI for API interactions.
- [SAFE]: A surface for indirect prompt injection exists because the skill processes external data (CI logs and PR comments) and has the capability to write code and push commits. This is a characteristic of the skill's primary function.
- Ingestion points: CI check log snippets (fetched via scripts/fetch_pr_checks.py) and PR review comments (fetched via scripts/fetch_pr_feedback.py).
- Boundary markers: Absent. The skill does not use delimiters to wrap the external data ingested into the prompt.
- Capability inventory: The skill can modify local files, commit changes, push to remote branches, and use the GitHub API to reply to comments.
- Sanitization: Absent. The skill relies on the agent's interpretation of the logs and feedback without explicit sanitization steps.
Audit Metadata