skills/steveonead/agent-skills/ito-pr/Gen Agent Trust Hub

ito-pr

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE

COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local binaries git and gh (GitHub CLI) to perform repository analysis and PR management. It includes pre-flight checks to verify user authentication and repository state.
  • [COMMAND_EXECUTION]: Implements a robust double-confirmation workflow (Preview -> Confirm Push -> Confirm Create/Update) that prevents the agent from performing state-changing actions without explicit human approval.
  • [COMMAND_EXECUTION]: Mitigates command injection risks when processing untrusted data (like commit messages) by using quoted heredocs (cat <<'EOF') in shell commands, ensuring the shell does not interpolate content from the generated PR body.
  • [COMMAND_EXECUTION]: Incorporates safety 'gatekeepers' such as preventing operations on default branches or fork repositories, ensuring the tool is used within intended feature-branch workflows.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 06:48 AM