pr
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Leverages the Bash tool to perform standard operations using git and the GitHub CLI (gh), such as analyzing status, differences, and managing pull requests.
- [PROMPT_INJECTION]: The skill processes potentially untrusted data from the repository, creating an indirect prompt injection surface.
  * Ingestion points: Reads commit messages and existing PR descriptions (SKILL.md, Step 1a and Step 5).
  * Boundary markers: No specific delimiters are used to wrap external content to prevent the agent from following embedded instructions.
  * Capability inventory: The agent can execute shell commands, edit files, and create/update PRs.
  * Sanitization: Relies on the user to review the summary and code review results via the AskUserQuestion tool before proceeding.
- [SAFE]: Includes positive security behaviors such as auditing for sensitive information (API keys, secrets) before committing and providing a protective warning against pushing directly to main or master branches.
Audit Metadata