Repo PR Triage

Triage GitHub PRs and issues using vision-based scoring. Use when a user wants to prioritize, score, review, de-duplicate, or batch-process open pull request...

This skill appears coherent for its stated goal: it uses the gh CLI and Python stdlib to gather repo context, build a vision/rubric, score open PRs, and emit markdown reports. Before installing or running it: 1) Inspect SKILL.md, references/example-vision.md, and the generated interview prompt for any embedded 'ignore previous instructions' / 'you are now' style prompt text—remove or redact any suspicious assistant-directive text. 2) Only run it on machines where the configured gh authentication is acceptable (it will use your gh credentials). 3) When invoking scan.load_vision or the onboard flow, pass only trusted local vision/rubric file paths (the scripts will read whatever path you give them). 4) Because the code invokes gh via subprocess, run it in a controlled environment (container or throwaway VM) if you are unsure. 5) Run the bundled tests (they exist) to verify behavior in your environment. If you want, share the SKILL.md and example vision files you plan to use and I can point out any suspicious prompt text to remove.

Type: OpenClaw Skill Name: repo-pr-triage Version: 1.0.0 The skill bundle is suspicious due to multiple vulnerabilities. `scripts/onboard.py` is vulnerable to prompt injection, as it embeds unsanitized GitHub repository content (e.g., README, repo description) directly into the `interview-prompt.md` which is then fed to the AI agent. Similarly, `scripts/report.py` is vulnerable to markdown injection, embedding unsanitized PR titles and authors into generated markdown reports, which could lead to secondary prompt injection against the agent. Both `onboard.py` and `scan.py` also lack robust sanitization of user-provided GitHub repository URLs before passing them as arguments to the `gh` CLI, potentially leading to unexpected `gh` behavior or information disclosure.