pr-description
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute local shell commands such as `git diff main...HEAD` to collect the data necessary for generating descriptions. This is a primary function of the skill.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to the way it processes external input.
  - Ingestion points: The agent ingests untrusted data from branch diffs as part of its primary workflow (SKILL.md, Workflow Step 1).
  - Boundary markers: The skill lacks explicit instructions or markers to distinguish between legitimate code changes and potentially malicious instructions embedded within code comments or string literals in the diff.
  - Capability inventory: The skill output is designed to include 'copy-pasteable testing instructions', creating a vector where an attacker-controlled diff could influence the agent to suggest dangerous commands to the user.
  - Sanitization: There is no evidence of sanitization or filtering of the diff content before it is used to generate the final description and testing steps.
Audit Metadata