pr-summary
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from git branch comparisons which could contain malicious content designed to influence the PR summary. * Ingestion points: Git diff data processed in Step 1 of SKILL.md. * Boundary markers: Absent; the LLM is not explicitly instructed to ignore instructions within the code changes. * Capability inventory: The
gh pr createcommand in Step 4 allows data to be sent to GitHub. * Sanitization: A human-in-the-loop checkpoint is required in Step 3, allowing the user to verify the generated content before submission. - Command Execution (SAFE): The skill utilizes standard developer tools (
gitandgh) to perform its primary function. No unauthorized or high-privilege commands are present.
Audit Metadata