pull-request-msg-with-gh

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local commands such as git branch, git diff, and gh issue list. These are used appropriately to gather context about current development work and related GitHub issues for PR message generation.
  • [EXTERNAL_DOWNLOADS]: Validation steps utilize npx to execute commitlint and markdownlint. The skill also suggests installing these packages (e.g., @commitlint/cli, markdownlint-cli) from the official NPM registry if they are not already present.
  • [DATA_EXFILTRATION]: The skill interacts with the GitHub API via the official gh CLI tool. While this involves outbound network requests, it is necessary for the skill's primary function of retrieving issue metadata and is confined to GitHub's infrastructure.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and analyzes external data (git diffs and session history).
  • Ingestion points: The skill reviews file changes via git diff and historical session context.
  • Boundary markers: No specific delimiters or safety instructions are used to separate ingested content from the agent's logic.
  • Capability inventory: The skill is capable of writing local files (PR_MESSAGE.md), executing shell commands, and accessing the GitHub API.
  • Sanitization: Content retrieved from the repository state is processed directly without sanitization or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 03:31 AM
Security Audit — agent-trust-hub — pull-request-msg-with-gh