make-pr
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
gh pr createcommand to create pull requests on GitHub. This is consistent with the skill's stated purpose of automating developer workflows. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of external, potentially attacker-controlled repository data. 1. Ingestion points: The skill reads branch diffs and related work (issues/PRs) to generate context. 2. Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded in the gathered context. 3. Capability inventory: The skill has the capability to execute shell commands (
gh) and write to the filesystem (temporary files for PR bodies). 4. Sanitization: No sanitization or escaping is performed on the gathered context before it is drafted into the final PR description.
Audit Metadata