update-pr
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from git history and code changes into its output.
- Ingestion points: The skill reads commit history via 'git log' and code changes via 'git diff' as described in Step 2 of SKILL.md.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the git-sourced content as potentially untrusted or to ignore embedded instructions.
- Capability inventory: The skill can modify PR descriptions using 'gh pr edit' and push changes using 'git push' as documented in Step 4.
- Sanitization: No sanitization or filtering of the external git data is mentioned or implemented before the data is processed.
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute several shell commands to gather data and perform updates.
- Evidence: The instructions in SKILL.md include calls to 'gh pr view', 'git status', 'git log', 'git diff', 'gh repo view', 'git push', and 'gh pr edit'.
Audit Metadata