git-pr
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script (scripts/generate-pr.sh) and uses the GitHub CLI (gh) to create pull requests. This is consistent with the skill's stated purpose of automating development workflows.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It processes content from git log and git diff, which are external and potentially untrusted data sources. Malicious instructions embedded in commit messages or code changes could attempt to influence the agent's PR generation process. * Ingestion points: scripts/generate-pr.sh reads git history and diff content. * Boundary markers: Data is structured into a JSON object using jq before being presented to the agent. * Capability inventory: The agent has the ability to execute shell commands (gh pr create). * Sanitization: The shell script uses jq to ensure data is properly escaped for the JSON output.
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing jq via 'brew install jq' if it is missing, which is a standard procedure for installing dependencies from a well-known package manager.
Audit Metadata