pr-reference
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [Local Repository Operations]: The skill uses standard git commands (git log, git diff, git rev-parse) to gather information about the current state of the repository. This is appropriate for its stated purpose of generating PR references and does not involve accessing sensitive system files outside of the git context.
- [Structured Data Management]: Data is exported to a structured XML file (pr-reference.xml) within the .copilot-tracking directory. The scripts use CDATA sections for commit subjects and bodies, which is a recommended practice to ensure that the content is treated as data rather than instructions or structural elements.
- [Environment Integrity]: All operations are performed using local scripts (Bash and PowerShell) that require no external dependencies other than git and a compatible shell. No remote code is downloaded or executed, and the skill does not request or use administrative privileges.
- [Command Invocation Safety]: The scripts implement validation for parameters like line ranges and chunk numbers before passing them to shell utilities like sed or awk, reducing the risk of accidental command injection or file system errors.
Audit Metadata