pr-description-skill
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [External Utility Usage]: The skill uses npx to download and run the Mermaid CLI tool (@mermaid-js/mermaid-cli) for validating diagram syntax. This is a standard and transparent method for ensuring documentation quality in developer environments.
- [Evaluation and Testing]: Includes a comprehensive Python-based evaluation framework (run_evals.py) to verify trigger accuracy and content quality. The suite uses local fixtures and standard libraries, ensuring a safe and deterministic testing process.
- [Output Grounding and Verification]: To ensure accuracy, the skill enforces a "cite-or-omit" rule where every claim must be backed by a verbatim quote from trusted documentation. This reduces the risk of generating misleading information from repository diffs or logs.
- [Structured Ingestion Surface]: While the skill ingests untrusted repository data (like commit messages), it mitigates potential injection risks by utilizing a rigid template and a mandatory self-check rubric to validate the final output before it is saved.
Audit Metadata