pr
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard system tools (
gitandgh) to perform repository operations such as checking branch status, staging files, committing changes, and pushing to origin. These are typical behaviors for development-oriented agent skills. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads untrusted data from the local repository and external GitHub metadata.
- Ingestion points: Reads output from
git log,git diff,gh pr list, andgh issue listto generate PR titles and descriptions. - Boundary markers: Absent. The skill does not explicitly use delimiters when processing the content of commits or diffs to ignore embedded instructions.
- Capability inventory: The skill can execute shell commands, write to the remote repository (via
git push), and create pull requests (viagh pr create). - Sanitization: None. The content retrieved from logs or diffs is directly used by the LLM to summarize changes and formulate PR bodies.
Audit Metadata