github-create-pr

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard git and gh CLI tools to interact with local repositories and GitHub. This is the intended and transparent purpose of the skill.
  • [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Notably, the skill includes a specific security guideline in 'references/pr-body-conventions.md' instructing the agent not to include secrets, credentials, or sensitive local environment details in the generated PR body, which is a positive security practice.
  • [PROMPT_INJECTION]: No malicious overrides, safety bypasses, or instructions to ignore system guidelines were detected. The workflow is structured and focuses on pragmatic PR writing.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform any dynamic code execution or download and execute untrusted scripts. It relies on pre-installed system tools (git and gh).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 03:29 AM