task-to-pr
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates a workflow that ingests data from external sources, creating an entry point for indirect prompt injection.
- Ingestion points: Processes ticket descriptions, acceptance criteria, and PR rules from external trackers (Step 1), and handles feedback from reviewers or automated bots (Step 8).
- Boundary markers: The skill does not explicitly instruct the agent to use delimiters or ignore instructions embedded within the ticket or feedback content.
- Capability inventory: The agent has the authority to write code, execute local test suites (Step 4), and interact with remote repositories (pushing branches and creating PRs).
- Sanitization: The instructions lack specific requirements for validating or sanitizing input from the ticket reference or feedback loop before it influences agent behavior.
- [COMMAND_EXECUTION]: The skill instructions require the agent to 'Run focused checks' (Step 4). While this is a standard developer activity for verifying code changes through test runners or linters, it involves the execution of shell commands based on the project environment.
Audit Metadata