gh-pr-publish

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub pull request metadata (titles, bodies) and git diffs, which creates a potential surface for indirect prompt injection.
      • Ingestion points: Data is fetched using gh pr view and git diff, as described in the workflow steps of SKILL.md.
      • Boundary markers: The Contract section of SKILL.md explicitly warns to treat PR metadata and diff summaries as untrusted text and to ignore instructions embedded within them.
      • Capability inventory: The skill uses the git and gh CLI tools for repository management and GitHub API interaction.
      • Sanitization: The Reviewability Pass section of SKILL.md explicitly requires redacting secrets before data is included in PR summaries or descriptions.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 20, 2026, 11:38 AM