pr
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including `git log`, `git diff`, `git fetch`, `git push`, and `gh pr create` to perform its primary function of repository and pull request management.
- [PROMPT_INJECTION]: The skill displays a vulnerability surface for indirect prompt injection by ingesting and processing data from the repository which could be influenced by external contributors.
  1. Ingestion points: Context is gathered from file system state and remote metadata via `git log`, `git diff`, and `gh pr list`.
  2. Boundary markers: No explicit delimiters or instructions are used to separate untrusted commit/diff data from the PR creation templates.
  3. Capability inventory: The skill has the capability to push to remote git branches and create new pull requests on GitHub.
  4. Sanitization: The skill uses shell heredocs (EOF) to handle multi-line PR bodies, which provides a layer of protection against shell command injection but does not prevent the underlying model from following instructions contained within the commit data.
Audit Metadata