cmd-pr-build-context
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard version control tools including
git(for diffing, logging, and status checks) andgh(GitHub CLI) to retrieve repository metadata. These operations are essential for the skill's primary function and are performed within the local repository context. - [SAFE]: Comprehensive analysis of the instructions reveals no presence of malicious prompt injection, data exfiltration patterns, or persistence mechanisms.
- [SAFE]: The skill identifies a surface for indirect prompt injection as it processes untrusted data from repository documentation and git diffs. However, this is considered safe given the skill's restricted capabilities and intended purpose.
- Ingestion points: Reads repository documentation (e.g., README.md, CLAUDE.md) and version control outputs (
git diff,git log). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined for processing external text.
- Capability inventory: Execution is limited to local Git/CLI commands for data retrieval and summarization; no arbitrary file-write, dynamic code execution (eval/exec), or external network exfiltration tools are utilized.
- Sanitization: No explicit sanitization or filtering of the ingested content is performed.
Audit Metadata