skills/swaroopsm/skills/github-pr/Gen Agent Trust Hub

github-pr

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Executes standard git and gh CLI commands to manage repository branches and pull requests. These operations are restricted to the user's local context and official GitHub interaction.
  • [COMMAND_EXECUTION]: Utilizes shell execution at load time to retrieve current branch names, tracking status, and PR templates. These commands are benign and purpose-built for gathering necessary PR context.
  • [PROMPT_INJECTION]: Ingests content from commit messages and repository templates, creating a surface for indirect prompt injection.
  • Ingestion points: Reads branch history (git log) and template files (cat .github/PULL_REQUEST_TEMPLATE.md) in SKILL.md.
  • Boundary markers: Employs markers like to define its management area in the PR body.
  • Capability inventory: Uses git push and gh pr tools as defined in the allowed-tools section of SKILL.md.
  • Sanitization: Requires the user to explicitly confirm code pushes and choose from generated title candidates, providing human-in-the-loop validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 02:54 PM
Security Audit — agent-trust-hub — github-pr