Skills
skills/everyinc/compound-engineering-plugin/ce-commit-push-pr/Gen Agent Trust Hub

ce-commit-push-pr

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands for git operations and GitHub PR management. It follows security best practices by writing PR content to temporary files and using quoted heredocs (<<'EOF') to prevent shell expansion and command injection risks.
  • [PROMPT_INJECTION]: The skill processes untrusted content from the local repository (specifically code diffs and commit logs) to generate pull request descriptions, which is an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the agent context via git diff and git log commands in SKILL.md and references/pr-description-writing.md.
  • Boundary markers: The skill does not use explicit boundary markers or 'ignore' instructions for the diff content, but it uses strong delimiters for final command execution.
  • Capability inventory: The skill possesses capabilities for file system writes (temporary files) and command execution (git commit, git push, gh pr create) in SKILL.md.
  • Sanitization: No filtering or sanitization of the diff content is performed before processing.
  • [DATA_EXFILTRATION]: The skill reads repository metadata and code diffs. This data is used solely to interact with the GitHub API via the official gh CLI for pull request creation, which is the skill's primary intended function.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 08:18 AM