pull-requesting
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local git and gh (GitHub CLI) commands to check branch status, review commit history, and submit the pull request. These operations are standard and necessary for a pull request workflow.
- [DATA_EXFILTRATION]: Change logs and PR descriptions are sent to GitHub to create the pull request. Since GitHub is a well-known and trusted service, and this data transfer is the intended function of the skill, it is categorized as safe.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it reads commit messages from the repository.
  - Ingestion points: Git commit history and diffs accessed via 'git log' and 'git diff' in SKILL.md.
  - Boundary markers: No specific delimiters or safety instructions are used to distinguish commit data from agent instructions.
  - Capability inventory: Local execution of git and gh subprocesses.
  - Sanitization: No explicit filtering is performed on the commit content before it is processed by the agent.
Audit Metadata