submit-pr
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Git and GitHub CLI to perform repository operations, including fetching, rebasing, pushing, and creating pull requests. It also executes project-specific quality tools like linters and test runners which are defined in the user's local environment.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface because it reads and processes external data from git commit logs and file diffs to generate pull request descriptions.
- Ingestion points: Content from git log and git diff is read into the agent's context in SKILL.md.
- Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands embedded within the commit messages or code diffs during the summarization process.
- Capability inventory: The agent can execute shell commands, push code to remote branches, and interface with the GitHub API.
- Sanitization: No explicit sanitization or filtering is performed on the data retrieved from the repository before it is processed.
Audit Metadata