pr
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git and GitHub CLI commands for branch management, diffing, and PR creation.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data into the agent's context.
- Ingestion points: Reads content from CLAUDE.md, git logs, diffs, and project files like package.json.
- Boundary markers: Does not implement delimiters or isolation to separate external data from the skill's instructions.
- Capability inventory: Authorized to push code, create PRs, and modify existing configuration files.
- Sanitization: No validation or sanitization is performed on ingested data before it is used in PR descriptions or versioning decisions.
Audit Metadata