pr-writer
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using `git` (to check branch status, logs, and diffs) and the GitHub CLI `gh` (to view repository details, inspect existing PRs, and create or update pull requests).
- [DATA_EXFILTRATION]: The skill transmits repository data (such as diff summaries and PR descriptions) to GitHub's infrastructure via `gh pr create` and the GitHub API. This is the primary and intended function of the skill for the purpose of pull request management.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection, since it processes untrusted data from the local repository (commit logs and code diffs) to generate PR descriptions. However, it includes specific guidelines to produce concise prose and explicitly instructs the agent to avoid including sensitive data such as customer PII in the output. The provided shell command examples use quoted heredocs (`<<'EOF'`) to safely handle multi-line strings and prevent unintended shell expansion.
Audit Metadata