autonomous-pr

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE (finding categories: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection: it ingests untrusted external data and uses it to drive agent actions without proper sanitization.
  • Ingestion points: The skill reads PR review comments using gh api repos/OWNER/REPO/pulls/<NUMBER>/comments and CI failure logs via gh pr checks --json.
  • Boundary markers: No delimiters or instructions separate the untrusted data from the system prompts; for example, it interpolates comments directly into the prompt: PR #<NUMBER> icin su review feedback geldi: $(gh api ...) (Turkish for "the following review feedback came in for PR #<NUMBER>:").
  • Capability inventory: The skill can modify local source code, perform git commits, push code to remote branches, and interact with the GitHub API to create or modify Pull Requests.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from GitHub comments or CI output before it is passed to the AI model.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands and scripts to manage the PR lifecycle.
  • The ci-fix-loop.sh script programmatically checks CI status and executes code modification commands based on failure states.
  • While the commands (git, gh, jq) are standard development tools, the autonomous nature of the execution loop combined with unvalidated inputs from the repository status increases the risk of unintended behavior if the repository metadata is manipulated.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 05:43 PM
Security Audit — agent-trust-hub — autonomous-pr