pr-split
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted code changes.
- Ingestion points: Phase 1 involves analyzing the full repository diff and all commit messages.
- Boundary markers: No delimiters or safety instructions are present to distinguish analyzed code from agent instructions.
- Capability inventory: The skill can execute Git and GitHub CLI commands and run local project scripts.
- Sanitization: No content sanitization is performed on the diff or commit data prior to analysis.
- [COMMAND_EXECUTION]: The skill performs dynamic command execution by invoking the repository's internal pre-commit validation and build scripts at runtime. This behavior allows for the execution of arbitrary commands defined within the source project's configuration.
Audit Metadata