Skills
skills/generaljerel/chalk-skills/create-pr/Gen Agent Trust Hub

create-pr

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes standard Git and GitHub CLI (gh) tools via Bash to perform repository operations, which is the primary intended behavior of the skill.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via the .chalk/chalk.json file. Malicious commands or instructions placed in the test.command or dev.command fields could be incorporated into the generated PR description.
  • Ingestion points: Reads project-specific metadata from .chalk/chalk.json at runtime.
  • Boundary markers: Absent. The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded in the external data.
  • Capability inventory: Uses Bash for command execution and repository synchronization via git push and gh pr create.
  • Sanitization: Uses HEREDOC to pass data to the shell, providing protection against command injection but not against semantic instruction injection within the PR body.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 08:10 AM