Skills
skills/aspiers/ai-config/describing-PRs/Gen Agent Trust Hub

describing-PRs

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses several shell commands (git, mkdir) and a custom Python script to interact with the local repository. The script find-merge-base.py uses subprocess.run to execute git commands. These operations are restricted to the local git environment and are necessary for the skill's primary function of analyzing code changes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from the repository's commit logs and file differences (git log, git diff) and incorporates this data directly into the LLM's context to generate the PR description.
  • Ingestion points: Commit messages and file diffs gathered in step 2 of SKILL.md.
  • Boundary markers: None are explicitly used when interpolating the git output into the generation prompt.
  • Capability inventory: The skill has the capability to write files to the .git/magit/posts/ directory and execute local git commands via the find-merge-base.py script.
  • Sanitization: No sanitization or filtering of the commit messages or diff content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 06:04 PM