pr-status-triage
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution: The skill relies on several CLI tools, including
node,pnpm,cargo, andgh(GitHub CLI). These tools are used to execute a local maintenance script (scripts/pr-status.js), run tests, and manage GitHub PR states. This pattern is standard for developer-oriented automation skills. - Indirect Prompt Injection Surface: The skill is designed to ingest and analyze external data such as CI job logs and PR review comments.
- Ingestion points: Data is read from files generated by the triage script, specifically
scripts/pr-status/index.md,job-{id}.md, andthread-{N}.md. - Capability inventory: The agent has the ability to execute shell commands (
pnpm,node,gh) based on its analysis of these files. - Boundary markers: The instructions do not explicitly define boundary markers for the external content, though they guide the agent toward specific analytical steps (prioritization and matching environment variables).
- Sanitization: There is no explicit sanitization step for the content of the PR threads or logs. While this is a common surface for indirect prompt injection, the risk is inherent to the skill's primary purpose of processing PR-related data.
- Environment Variable Configuration: The skill provides instructions for mirroring CI environment variables locally to reproduce failures. This is a common and necessary practice for debugging, though users should ensure that variables being mirrored do not conflict with sensitive local configurations.
Audit Metadata