Repo PR Triage
by Patrick Robinson · GitHub ↗ · v1.0.0
Downloads: 710 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install repo-pr-triage
Description
Triage GitHub PRs and issues using vision-based scoring. Use when a user wants to prioritize, score, review, de-duplicate, or batch-process open pull request...
Usage Guidance
This skill appears coherent for its stated goal: it uses the gh CLI and Python stdlib to gather repo context, build a vision/rubric, score open PRs, and emit markdown reports. Before installing or running it:
1) Inspect SKILL.md, references/example-vision.md, and the generated interview prompt for any embedded 'ignore previous instructions' / 'you are now' style prompt text, and remove or redact any suspicious assistant-directive text.
2) Only run it on machines where the configured gh authentication is acceptable (it will use your gh credentials).
3) When invoking scan.load_vision or the onboard flow, pass only trusted local vision/rubric file paths (the scripts will read whatever path you give them).
4) Because the code invokes gh via subprocess, run it in a controlled environment (container or throwaway VM) if you are unsure.
5) Run the bundled tests (they exist) to verify behavior in your environment.
If you want, share the SKILL.md and example vision files you plan to use and I can point out any suspicious prompt text to remove.
Capability Analysis
Type: OpenClaw Skill
Name: repo-pr-triage
Version: 1.0.0
The skill bundle is suspicious due to multiple vulnerabilities. `scripts/onboard.py` is vulnerable to prompt injection, as it embeds unsanitized GitHub repository content (e.g., README, repo description) directly into the `interview-prompt.md` which is then fed to the AI agent. Similarly, `scripts/report.py` is vulnerable to markdown injection, embedding unsanitized PR titles and authors into generated markdown reports, which could lead to secondary prompt injection against the agent. Both `onboard.py` and `scan.py` also lack robust sanitization of user-provided GitHub repository URLs before passing them as arguments to the `gh` CLI, potentially leading to unexpected `gh` behavior or information disclosure.
Capability Assessment
Purpose & Capability
Name/description (PR triage, vision-based scoring) match the code and SKILL.md. The scripts call the gh CLI for repo data, generate a vision/rubric, score PRs, and render markdown reports — all expected for this purpose.
Instruction Scope
Runtime instructions are narrowly scoped to onboarding (gather repo context), scanning (gh pr list, rule-based scoring), and reporting. However, a pre-scan detected prompt-injection patterns in SKILL.md (e.g., 'ignore-previous-instructions', 'you-are-now') — these are not necessary for triage and should be reviewed. The scripts read user-supplied vision files and write reports, which is expected, but you should confirm no hidden prompt text or unexpected outbound endpoints are embedded in the provided vision/rubric files.
Install Mechanism
No install spec; this is instruction/code-only and relies on the system's gh CLI and Python 3.10+. That's proportionate for a tool that calls gh. Nothing is downloaded from arbitrary URLs or installed automatically by the skill.
Credentials
The skill requests no environment variables and no credentials in its metadata. It does require the user to have gh authenticated (gh auth login) — which is appropriate for interacting with GitHub. There are no unrelated credential requests. Note: the gh CLI will use whatever GitHub identity is configured on the host, so only run where that is acceptable.
Persistence & Privilege
The skill is not forced always-on (always: false) and does not ask to modify other skills or system settings. It writes files to the output directory you supply (vision.md, rubric.md, reports), which is normal for this workflow.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install repo-pr-triage`
- After installation, invoke the skill by name or use `/repo-pr-triage`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of pr-triage skill for GitHub repo PR and issue triage:
- Supports scoring, prioritizing, and batching PRs/issues using a vision-based rubric.
- Onboarding workflow interviews repo owners to build a project-specific vision and rubric.
- Automated scan step fetches and scores PRs with rule-based heuristics and duplicate detection.
- Generates actionable Markdown reports for prioritizing, reviewing, and closing PRs.
- Integrates with GitHub via the gh CLI; requires only Python stdlib.
- Includes instructions for cron-based recurring triage sessions.
Frequently Asked Questions
What is Repo PR Triage?
Triage GitHub PRs and issues using vision-based scoring. Use when a user wants to prioritize, score, review, de-duplicate, or batch-process open pull request... It is an AI Agent Skill for Claude Code / OpenClaw, with 710 downloads so far.
How do I install Repo PR Triage?
Run "/install repo-pr-triage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Repo PR Triage free?
Yes, Repo PR Triage is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Repo PR Triage support?
Repo PR Triage is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Repo PR Triage?
It is built and maintained by Patrick Robinson (@patrob); the current version is v1.0.0.