gh-pr-rebase
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the execution of git and gh commands to manage the lifecycle of a PR rebase, including fetching, rebasing, and pushing changes to remote repositories (SKILL.md).\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external repositories (commit messages, file contents during conflicts) that could contain malicious instructions.\n
- Ingestion points: Reads repository metadata, commit history, and file contents during conflict resolution (SKILL.md).\n
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the data it processes.\n
- Capability inventory: The agent has the capability to execute shell commands (git/gh) and modify repository history, providing an impact path for successful injection (SKILL.md).\n
- Sanitization: There is no evidence of sanitization or filtering of commit messages or file contents before processing.
Audit Metadata