gh-pr
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs standard repository operations using well-known CLI tools (`git`, `gh`, `jq`). Commands include checking current branch state, fetching remote updates, and creating or viewing PRs. All execution is scoped to the repository context and is necessary for the skill's primary function.
- [PROMPT_INJECTION]: The skill defines internal decision rules that constrain the agent's behavior (e.g., 'Do not create or switch branches'). These are functional guardrails. While the skill processes external data like branch names and PR metadata, which could be a surface for indirect injection, it mitigates risk by requiring explicit user confirmation when the working tree is not clean.
- Ingestion points: Reads repository state from `git status --porcelain` and PR information from `gh pr list` (SKILL.md).
- Boundary markers: Includes a 'Preflight' check that forces the agent to pause and present options to the user if untracked or uncommitted changes are found (SKILL.md).
- Capability inventory: Access to `git push`, `gh pr create`, and `gh pr edit` for modifying remote resources (SKILL.md).
- Sanitization: Requires the agent to validate the final PR body against a template and explicitly forbids the inclusion of 'TODO' placeholders or escaped control sequences in the final output (SKILL.md).
Audit Metadata