Skills
skills/sd0xdev/sd0x-dev-flow/create-pr/Gen Agent Trust Hub

create-pr

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements GitHub PR management using the official GitHub CLI (gh). Analysis of the instruction set reveals standard automation patterns.\n- [COMMAND_EXECUTION]: The skill uses git and gh tools to gather repository data and manage PRs. It correctly uses shell escaping techniques, such as printf '%s' for titles and quoted heredocs (<<'EOF') for PR bodies, to prevent command injection from variable expansion.\n- [PROMPT_INJECTION]: The skill processes untrusted data from the repository (branch names and commit messages) to generate PR summaries. This creates a surface for indirect prompt injection, which is managed by the skill's logic.\n
  • Ingestion points: Branch names (git rev-parse), commit logs (git log), and diffs (git diff) as described in SKILL.md.\n
  • Boundary markers: None explicitly defined for the summarization prompt.\n
  • Capability inventory: Execution of gh pr create and gh pr edit commands.\n
  • Sanitization: Implements regex-based filtering (AI Content Sanitization in Step 4b) and post-execution verification (Step 7b) to monitor and remove specific patterns from the published content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 07:24 PM