babysitting-pr
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming untrusted data from external sources and acting upon it.
  - Ingestion points: The agent fetches and processes GitHub pull request comments via the GitHub API and CI failure logs via `gh run view` (SKILL.md).
  - Capability inventory: The agent is empowered to modify project files, execute local build and linting scripts, and push these changes back to the remote repository.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its primary goals and potentially malicious instructions embedded in the external data it reads.
  - Sanitization: No content validation or sanitization is performed on the ingested comments or logs before the agent attempts to implement described "fixes."
- [COMMAND_EXECUTION]: The skill executes local scripts which can perform arbitrary actions based on the project's own configuration.
  - Evidence: The skill instructs the agent to run `npm run lint`, `npm run build`, and `npx tsc` (SKILL.md).
Audit Metadata