prepare-pull-request

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage Git repository operations, including git stash, git checkout, git pull, git add, git commit, and git push. It also identifies and runs project-specific linters and formatters like eslint, prettier, ruff, and black on modified files. These operations are restricted to the local repository context and standard development tooling.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from the local repository state.
    • Ingestion points: It reads file content changes via git diff and commit history via git log to generate conventional commit messages.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions potentially embedded within the file diffs or previous commit messages.
    • Capability inventory: The skill has the capability to write to the repository (git commit), push to remote (git push), and execute CLI tools based on the project configuration.
    • Sanitization: Content ingested from the Git repository is not sanitized or escaped before being used by the agent to generate summaries or commit messages.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:42 AM