github-pr-description
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands using 'git' to retrieve branch information, commit history, and code diffs. It also utilizes the 'gh' (GitHub CLI) to create pull requests on remote repositories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository's git history and diffs.
  - Ingestion points: Data is ingested from 'git log' (commit messages) and 'git diff' (source code changes) during the context gathering phase.
  - Boundary markers: The skill does not define explicit delimiters or 'ignore' instructions for the LLM when processing the content of the diffs and commit messages.
  - Capability inventory: The skill has the capability to write temporary files ('.forge/FORGE_PR_DESCRIPTION.md') and perform network operations via the 'gh' CLI to submit PR data to GitHub.
  - Sanitization: No sanitization or filtering of the ingested git output is performed before it is provided to the language model for synthesis.
Audit Metadata