pull-request-msg-with-gh
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local commands such as
git branch,git diff, andgh issue list. These are used appropriately to gather context about current development work and related GitHub issues for PR message generation. - [EXTERNAL_DOWNLOADS]: Validation steps utilize
npxto executecommitlintandmarkdownlint. The skill also suggests installing these packages (e.g.,@commitlint/cli,markdownlint-cli) from the official NPM registry if they are not already present. - [DATA_EXFILTRATION]: The skill interacts with the GitHub API via the official
ghCLI tool. While this involves outbound network requests, it is necessary for the skill's primary function of retrieving issue metadata and is confined to GitHub's infrastructure. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and analyzes external data (git diffs and session history).
- Ingestion points: The skill reviews file changes via
git diffand historical session context. - Boundary markers: No specific delimiters or safety instructions are used to separate ingested content from the agent's logic.
- Capability inventory: The skill is capable of writing local files (
PR_MESSAGE.md), executing shell commands, and accessing the GitHub API. - Sanitization: Content retrieved from the repository state is processed directly without sanitization or filtering.
Audit Metadata