create-pr

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to interact with the Git repository and the GitHub CLI (gh).
  • [COMMAND_EXECUTION]: The skill explicitly suggests the use of GIT_SSL_NO_VERIFY=1 for Git and GitHub CLI operations in sandbox environments. Disabling SSL/TLS verification is a critical security bypass that eliminates protection against certificate spoofing and transport-layer interception.
  • [DATA_EXFILTRATION]: By recommending the disabling of SSL verification, the skill creates a condition where sensitive data, including GitHub authentication tokens and source code, can be intercepted by a network-level attacker during the gh pr create or git push operations.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from git logs and diffs to generate PR summaries and titles, creating an indirect prompt injection surface.
      • Ingestion points: Repository commit history and code diffs (SKILL.md Step 1 and 4).
      • Boundary markers: Absent.
      • Capability inventory: GitHub CLI operations (gh pr create) and Git repository modifications.
      • Sanitization: Absent; the skill relies on internal model safety rather than data validation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 03:47 PM
Security Audit — agent-trust-hub — create-pr