skills/csark0812/toolbox/pull-request/Gen Agent Trust Hub

pull-request

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using git and gh to manage pull request workflows.
  • Fetches repository data using git fetch origin <base> and generates diffs using git diff in references/shared.md.
  • Interacts with GitHub to retrieve pull request metadata using gh pr view and updates descriptions using gh pr edit as described in references/shared.md and references/describe.md.
  • Shell commands incorporate user-supplied variables (e.g., <base> branch names) or values retrieved from CLI outputs.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common to tools that process untrusted external data like code diffs.
  • Ingestion points: The skill ingests untrusted content from git diff output, which may contain malicious instructions embedded in code comments or commit messages (identified in references/shared.md).
  • Boundary markers: There are no explicit instructions or delimiters used to warn the agent to ignore or isolate instructions found within the diff content.
  • Capability inventory: The skill has the ability to write to the filesystem and execute network-connected shell commands via gh.
  • Sanitization: No evidence of filtering or sanitization of the diff content is present before it is analyzed for summary generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 05:20 PM
Security Audit — agent-trust-hub — pull-request