pull-request
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
gitandghto manage pull request workflows. - Fetches repository data using
git fetch origin <base>and generates diffs usinggit diffinreferences/shared.md. - Interacts with GitHub to retrieve pull request metadata using
gh pr viewand updates descriptions usinggh pr editas described inreferences/shared.mdandreferences/describe.md. - Shell commands incorporate user-supplied variables (e.g.,
<base>branch names) or values retrieved from CLI outputs. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common to tools that process untrusted external data like code diffs.
- Ingestion points: The skill ingests untrusted content from
git diffoutput, which may contain malicious instructions embedded in code comments or commit messages (identified inreferences/shared.md). - Boundary markers: There are no explicit instructions or delimiters used to warn the agent to ignore or isolate instructions found within the diff content.
- Capability inventory: The skill has the ability to write to the filesystem and execute network-connected shell commands via
gh. - Sanitization: No evidence of filtering or sanitization of the diff content is present before it is analyzed for summary generation.
Audit Metadata