skills/yamadashy/skills/pr-vet/Gen Agent Trust Hub

pr-vet

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill implements advanced defensive measures against indirect prompt injection by defining PR content (titles, bodies, comments) as untrusted data rather than instructions. It specifies that the analysis should be delegated to a restricted sub-agent (using the Task tool) to isolate the orchestration agent from potentially malicious payloads.
  • [COMMAND_EXECUTION]: The skill uses local shell commands (gh, grep, wc, python3) to perform its audit. These tools are used for data retrieval and technical analysis of the pull request diff, with clear instructions to use them in a read-only manner.
  • [DATA_EXFILTRATION]: The skill scans for data exfiltration patterns in pull requests, including credential harvesting signatures and unauthorized network primitives. The skill itself does not perform any network operations to non-whitelisted domains, with its data access restricted to the GitHub API for the target repository.
  • [SAFE]: Ingestion points: Pull request metadata and diffs retrieved via the GitHub CLI. Boundary markers: The skill mandates processing untrusted text in an isolated context and explicitly instructs the agent to ignore any embedded commands or formatting (e.g., HTML comments, fake system prompts). Capability inventory: The skill uses standard CLI tools for text processing and GitHub interaction. Sanitization: The skill performs rigorous multi-step scanning for malicious indicators, including hidden Unicode characters, homoglyphs, and obfuscated code patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 12:53 AM
Security Audit — agent-trust-hub — pr-vet