Skills
skills/tfsugjp/csharptemplate/create-github-pull-request-from-specification/Gen Agent Trust Hub

create-github-pull-request-from-specification

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from a local file (.github/pull_request_template.md) to populate Pull Request titles and descriptions. This creates an indirect prompt injection surface where malicious text in the template could attempt to influence the agent's behavior during the update or assignment steps. \n
  • Ingestion points: ${workspaceFolder}/.github/pull_request_template.md (read in Step 1). \n
  • Boundary markers: None provided; the agent is instructed to incorporate the template information directly into the body and title. \n
  • Capability inventory: create_pull_request, update_pull_request, and update_issue tools. \n
  • Sanitization: The instructions do not specify any validation or sanitization of the template data before it is used in subsequent tool calls.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 12:20 AM
Security Audit — agent-trust-hub — create-github-pull-request-from-specification