Skills
skills/ajaywadhara/agent-skills/pr-message-generator/Gen Agent Trust Hub

pr-message-generator

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted text from external sources to generate the pull request description. \n
  • Ingestion points: Git commit history (via git log), uncommitted changes (via git diff), and JIRA ticket summaries and descriptions fetched through the JIRA MCP tool. \n
  • Boundary markers: The skill does not use delimiters (like XML tags or backticks) or provide instructions to the agent to ignore any embedded commands within the ingested text. \n
  • Capability inventory: The skill's capabilities are restricted via the allowed-tools configuration to git, Read, Glob, Grep, and AskUserQuestion, which significantly limits the potential impact of a successful injection. \n
  • Sanitization: No sanitization, escaping, or validation is performed on the ingested content before it is interpolated into the generated output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 03:54 AM