github-pr
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes standard git and gh CLI commands to manage repository branches and pull requests. These operations are restricted to the user's local context and official GitHub interaction.
- [COMMAND_EXECUTION]: Utilizes shell execution at load time to retrieve current branch names, tracking status, and PR templates. These commands are benign and purpose-built for gathering necessary PR context.
- [PROMPT_INJECTION]: Ingests content from commit messages and repository templates, creating a surface for indirect prompt injection.
- Ingestion points: Reads branch history (git log) and template files (cat .github/PULL_REQUEST_TEMPLATE.md) in SKILL.md.
- Boundary markers: Employs markers like to define its management area in the PR body.
- Capability inventory: Uses git push and gh pr tools as defined in the allowed-tools section of SKILL.md.
- Sanitization: Requires the user to explicitly confirm code pushes and choose from generated title candidates, providing human-in-the-loop validation.
Audit Metadata