ziw-pr
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is instructed to discover and run the 'repo full local gate' by scanning local project files such as package scripts, Makefiles, and Justfiles. This involves executing arbitrary local commands as defined by the repository context.
- [DATA_EXFILTRATION]: Aggregates local repository state (diffs, branch names, commit history) and transmits it to configured external code hosting and issue tracking providers (e.g., GitHub, Linear) to facilitate PR creation and status updates.
- [CREDENTIALS_UNSAFE]: Includes explicit instructions to exclude and unstage sensitive files such as .env files, credential stores, and local secrets before finalizing any commits, which serves as a security best practice for development agents.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill ingests untrusted data from git diff outputs and external issue tracker descriptions.
- Ingestion points: Analyzes git diff, issue tracker content, and the repository's .coderabbit.yaml file (SKILL.md).
- Boundary markers: Absent; the instructions do not specify delimiters for data interpolation.
- Capability inventory: Execution of project-defined shell commands, git operations, and PR/issue state mutations (SKILL.md).
- Sanitization: Absent; no explicit validation or filtering of external content is defined.
Audit Metadata