Skills
skills/bitwarden/ai-plugins/creating-pull-request/Gen Agent Trust Hub

creating-pull-request

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface by instructing the agent to read and process external data from .github/PULL_REQUEST_TEMPLATE.md to construct command arguments for PR creation.
  • Ingestion points: Reads contents from .github/PULL_REQUEST_TEMPLATE.md in the active repository (referenced in SKILL.md).
  • Boundary markers: The template content is interpolated into the PR body without explicit delimiters or instructions to ignore embedded agent directives.
  • Capability inventory: The skill utilizes gh pr create and git push, which are shell-based command executions.
  • Sanitization: No validation or sanitization of the template content is performed before it is used by the agent to build commands.
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) and Git to perform repository operations, including pushing branches and opening pull requests.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 06:12 PM