pr-description
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands (rev-parse, diff, log) to retrieve context for PR generation. These operations are legitimate for the skill's purpose and are confined to the local repository.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing commit messages and diffs. This risk is assessed as low since the output is a markdown file without automated execution. * Ingestion points: Git branch names, logs, and diffs are collected via shell commands in SKILL.md. * Boundary markers: No specific delimiters are used to wrap ingested git data. * Capability inventory: Writes the resulting description to a file in the .agent/ directory. * Sanitization: Branch names are sanitized (replacing / with -) for use in filenames.
- [SAFE]: No evidence of data exfiltration, credential theft, or malicious obfuscation was found. The skill operates as intended for its development context.
Audit Metadata