write-pr
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified. The skill correctly limits its scope to gathering information and generating text output.
- [INDIRECT_PROMPT_INJECTION]: The skill reads and processes local repository data which could be manipulated by a third party.
  - Ingestion points: The skill reads git diffs, logs, and pull request template files.
  - Boundary markers: There are no explicit delimiters used to isolate the data from the instructions, though the agent is directed to follow the template structure strictly.
  - Capability inventory: The skill only uses read-only commands (git diff, git log, gh pr list). It lacks tools for writing to the filesystem or making external network requests.
  - Sanitization: Input from the repository is processed without sanitization or validation.