git-create-pr

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard command-line tools such as git (status, branch, log, diff, push) and gh (repo view, pr create) to manage the Pull Request lifecycle. These operations are essential for the skill's declared purpose and are executed within the user's local repository context.
  • [PROMPT_INJECTION]: There is a surface for indirect prompt injection because the skill reads data from external sources like git commit messages and branch names to generate PR descriptions. However, the skill explicitly mandates a multi-step verification process, requiring the agent to verify claims against actual code changes and asking the user for final confirmation/edits before execution.
  • [EXTERNAL_DOWNLOADS]: The skill metadata references a source repository on GitHub under the author's own namespace (mgiovani/skills), which is consistent with the skill's identity and does not involve untrusted third-party code execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 04:31 PM