pr-description-skill

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [External Downloads]: The skill uses npx to fetch and run the @mermaid-js/mermaid-cli package. This is used for validating the syntax of Mermaid diagrams generated for the pull request body.
  • [Command Execution]: Employs shell utilities such as awk and npx to process and validate diagram code. These operations are part of the skill's core functionality to ensure high-quality, renderable output on GitHub.
  • [Local Script Execution]: Includes a Python evaluation script (scripts/run_evals.py) to verify the skill's triggering logic and content generation quality. The script uses Python's standard library for file operations and regular expression matching.
  • [Data Processing]: Ingests branch metadata, commit logs, and code diffs to construct PR descriptions. While these inputs are externally provided from the git environment, they are used to populate a predefined markdown template.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 03:20 PM