pull-request
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the gh (GitHub CLI) utility to perform git push operations and submit pull requests to GitHub repositories.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface as it ingests untrusted code diffs to generate PR titles and descriptions.
  1. Ingestion points: branch diffs relative to the main branch.
  2. Boundary markers: none identified in the workflow logic.
  3. Capability inventory: push and PR creation via gh CLI.
  4. Sanitization: none performed on input diffs before processing for natural language generation.
Audit Metadata