Skills
skills/nvidia/megatron-lm/split-pr/Gen Agent Trust Hub

split-pr

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) and Git to perform operations such as viewing PR details, analyzing diffs, and managing branches and commits.
  • [DATA_EXPOSURE]: The skill reads repository configuration files like .github/CODEOWNERS and PR metadata from the NVIDIA/Megatron-LM repository.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external data from pull requests.
  • Ingestion points: Pull request titles, descriptions, and code diffs fetched via gh pr view and gh pr diff in SKILL.md.
  • Boundary markers: None provided; the agent processes the PR content directly without specific markers to distinguish between instructions and data.
  • Capability inventory: The skill uses git apply to modify local files and git push/gh pr create to interact with remote repositories (SKILL.md).
  • Sanitization: There is no explicit sanitization or filtering of the PR content described in the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 07:06 AM