opening-prs

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE | PROMPT_INJECTION | REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the transmission of user-supplied data (titles, descriptions, and file contents) to the GitHub API, creating an indirect prompt injection surface.
      • Ingestion points: Data enters the system via the title, body, and files parameters in the open_pr function in scripts/opening_prs.py.
      • Boundary markers: The instructions do not define delimiters or provide specific prompts to ignore instructions within the processed content.
      • Capability inventory: The skill possesses authenticated write capabilities for GitHub repositories, including branch creation, file commits, and PR initialization via urllib.
      • Sanitization: No validation or sanitization is applied to the input strings prior to their transmission to the external API.
  • [REMOTE_CODE_EXECUTION]: The script scripts/opening_prs.py utilizes importlib for the dynamic loading of the flowing skill from a static filesystem path (/mnt/skills/user/flowing/scripts/flowing.py). This implementation is used to manage dependencies between skills within the agent's operating environment.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 11, 2026, 03:21 PM