update-pr

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from git history and code changes into its output.
  • Ingestion points: The skill reads commit history via 'git log' and code changes via 'git diff' as described in Step 2 of SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the git-sourced content as potentially untrusted or to ignore embedded instructions.
  • Capability inventory: The skill can modify PR descriptions using 'gh pr edit' and push changes using 'git push' as documented in Step 4.
  • Sanitization: No sanitization or filtering of the external git data is mentioned or implemented before the data is processed.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute several shell commands to gather data and perform updates.
  • Evidence: The instructions in SKILL.md include calls to 'gh pr view', 'git status', 'git log', 'git diff', 'gh repo view', 'git push', and 'gh pr edit'.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 08:16 PM
Security Audit — agent-trust-hub — update-pr