pull-request-msg-with-gh

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard git and gh commands to retrieve the current branch name, view changes, and search for GitHub issues. These operations are scoped to the local repository and the authenticated GitHub account.
  • [EXTERNAL_DOWNLOADS]: Uses npx to run validation tools (commitlint and markdownlint). These are fetched from the official npm registry, which is a well-known and trusted package repository.
  • [REMOTE_CODE_EXECUTION]: Runs linter tools on local workspace files. While tools like commitlint can execute local JavaScript configuration files if they exist in a repository, this is standard, intended behavior for developer tooling.
  • [DATA_EXFILTRATION]: Performs issue searches on GitHub using keywords derived from the branch name. This involves communicating with GitHub's official API via the gh CLI as part of the primary PR generation workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 09:59 AM