prepare-pr
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses dynamic context injection (!command) to execute standard Git commands such as 'git status', 'git log', and 'git diff' during initialization. This functionality is used exclusively to populate the agent's context with relevant commit history for generating PR descriptions and does not involve network exfiltration or sensitive file access.
- [SAFE]: Uses the 'Write' tool to save generated PR content to 'pr_content.md'. This file operation is limited to the local project environment and aligns with the stated purpose of the skill.
- [SAFE]: While the skill processes commit messages which are technically untrusted input, the lack of high-privilege tools or persistent network capabilities mitigates the risk of indirect prompt injection in this specific workflow.
Audit Metadata