pr-prep
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes common development utilities such as git, gh, npm, and go to automate repository auditing and test validation. These commands are clearly defined and restricted to the scope of PR preparation.
- [PROMPT_INJECTION]: The skill analyzes external content from git logs and commit history to generate summaries. This introduces a surface where instructions in commit messages could influence the agent's summary output. This risk is mitigated by the mandatory manual review gate in Phase 6.
- [SAFE]: The skill incorporates security best practices including a check for credentials and secrets in Phase 3 and a blocking isolation check in Phase 0.
Audit Metadata