create-pr
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically executes commands based on external configuration. In `references/ci-checks.md`, the agent is instructed to parse `run:` or `script:` blocks from GitHub Actions or GitLab CI files and execute them locally "as-is". It also executes `npx` commands for linting and spelling checks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted data from the repository to drive high-capability actions.
  - Ingestion points: The skill reads `.github/workflows/ci.yaml`, `.gitlab-ci.yml`, and `.github/PULL_REQUEST_TEMPLATE.md` (`references/ci-checks.md`, `references/pull-request-template.md`).
  - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to treat the content of these files as potentially untrusted or to ignore embedded instructions.
  - Capability inventory: The skill can execute arbitrary shell commands via the CI check translation logic and perform network operations via `gh` or `glab` CLI tools (`references/pr-cli.md`).
  - Sanitization: Absent. The skill does not validate or sanitize the scripts extracted from CI configuration files before execution.
Audit Metadata