ship
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests untrusted data from external sources (GitHub issue titles and bodies) which are then used to construct the PR body and title.
- Ingestion points: Output from
gh issue viewcommand in Step 2 of the process. - Boundary markers: Absent. The skill does not use delimiters or explicit instructions to prevent the agent from obeying instructions embedded in the issue content.
- Capability inventory: Executes local commands including
git status,git rev-list,git log,gh issue view, andgh pr create. - Sanitization: Absent. Content from issues is parsed and directly interpolated into the PR template.
- [COMMAND_EXECUTION]: The skill uses local shell commands to manage the Git workflow and interact with the GitHub CLI.
- Evidence: Invokes
git status,git rev-list,git log,gh issue view, andgh pr create. These actions are consistent with the skill's primary purpose of automating pull request creation.
Audit Metadata