explain-this-pr

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the official GitHub CLI (gh) for all external interactions, including authentication checks, fetching PR data, and posting comments.
      • Execution paths include gh auth status, gh pr view, gh pr diff, and gh pr comment.
      • In SKILL.md, the posting of comments is handled using a shell heredoc (<< 'EOF'), which is a security best practice that prevents shell injection attacks by ensuring the comment body is not interpreted as shell commands.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it processes untrusted data from GitHub pull requests.
      • Ingestion points: The skill fetches PR metadata, full diffs, and existing comments using gh pr view and gh pr diff in SKILL.md.
      • Boundary markers: No explicit delimiters are used to wrap the untrusted PR content during the analysis phase.
      • Capability inventory: The skill has the ability to post comments back to the PR using gh pr comment.
      • Sanitization: Content is passed to the shell safely via heredoc. The skill limits the risk of obeying malicious instructions within the PR by providing the agent with strict formatting rules (e.g., "no invented outcomes", "under 150 words") and requiring explicit user confirmation before any comment is posted.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 03:08 PM
Security Audit — agent-trust-hub — explain-this-pr