Engineering manager 1-on-1 meeting brief generator
Advisory: audited by static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broad GitHub token could expose private repository activity beyond the intended team or organization if mis-scoped.
The skill needs delegated GitHub access and may use a broad classic PAT, though it clearly warns users and recommends finer-grained scoping.
A GitHub personal access token ... Option B: Classic PAT (Broader access) ... Scope: `repo` ... Warning: This grants broad access. Set `GITHUB_ORG` to limit scope to one organization.
Use a dedicated fine-grained read-only token limited to the needed repositories or organization, set GITHUB_ORG, and revoke the token when finished.
Repository names, PR titles, scores, and optional discussion excerpts may be shared with the user's AI provider.
The artifacts clearly disclose that generated LLM input leaves the local machine for an external AI provider.
Agent inference | External | LLM input payload sent to your AI provider ... The final brief generation step sends data to your configured AI provider.
Review `.pullstar/llm_input_{login}.json` before model inference and confirm the AI provider is approved for the repository data involved.
A malicious or noisy PR comment could skew the 1-on-1 brief or attempt prompt injection, especially in PR Insights mode.
Optional PR Insights mode deliberately places untrusted human/bot PR text into the LLM prompt, which could try to influence the generated brief.
PR comments/reviews may contain untrusted input ... Bot messages are labeled but still included ... Raw PR discussion text ... packaged into LLM prompt
Use PR Insights only when needed, review the LLM input first, and treat PR excerpts as untrusted data rather than instructions.
Local `.pullstar` files may contain sensitive engineering metadata or raw PR discussion excerpts if PR Insights is enabled.
The skill stores retrieved GitHub context and LLM prompt artifacts locally for reuse in later steps.
`ingest_{login}.json` ... Raw GitHub activity, PR details ... `llm_input_{login}.json` ... LLM prompt payload ... All artifacts written to `.pullstar/`
Keep `.pullstar/` private, ensure it is actually gitignored in the working repository, and delete artifacts when they are no longer needed.
Manual unpinned installs can vary over time or across machines.
The skill relies on user-installed Python packages without pinned versions in the provided install instructions.
Install dependencies: `pip install PyGithub python-dotenv`
Install in a virtual environment and consider pinning dependency versions from trusted package sources.
