Skills
skills/somtougeh/dotfiles/resolve-pr-parallel/Gen Agent Trust Hub

resolve-pr-parallel

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data from PR comments to guide agent tasks.\n
  • Ingestion points: Pull request comments are retrieved via gh pr view and the GitHub API as defined in SKILL.md.\n
  • Boundary markers: There are no delimiters or specific instructions provided to the subagents to ignore instructions embedded within the PR comments.\n
  • Capability inventory: The skill has permissions to write to the filesystem (convention documentation) and perform git operations (git commit, git push).\n
  • Sanitization: Comment content is passed to subagents without validation or sanitization.\n- [COMMAND_EXECUTION]: The skill uses command-line tools for legitimate project management actions.\n
  • Evidence: Utilizes gh for retrieving PR status and metadata, and git for committing and pushing updates to the repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 07:09 AM
Security Audit — agent-trust-hub — resolve-pr-parallel