Skills
skills/antinomyhq/forgecode/github-pr-description/Gen Agent Trust Hub

github-pr-description

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using git and gh (GitHub CLI) to retrieve branch information, commit history, and code diffs. It is explicitly instructed to create pull requests using gh pr create without prompting the user for confirmation.- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from the repository's git history and diffs to generate pull request descriptions.
  • Ingestion points: Git commit messages and code diffs are ingested via git log origin/main..HEAD and git diff origin/main..HEAD as described in the 'Analyze Changes' step.
  • Boundary markers: There are no delimiters or 'ignore' instructions provided to the agent to separate the analyzed code/commit data from the agent's core instructions.
  • Capability inventory: The skill can write to the local file system (creating .forge/FORGE_PR_DESCRIPTION.md) and perform authenticated network operations via the gh CLI.
  • Sanitization: The skill does not perform any validation, escaping, or filtering on the content retrieved from the git repository before using it to generate the final PR body.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 10:07 PM