create-pr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through analysis of repository data.
- Ingestion points: The skill reads untrusted content via 'git diff', 'git status', and 'git log' in SKILL.md.
- Boundary markers: Absent; there are no delimiters or instructions to ignore instructions embedded within the codebase.
- Capability inventory: The skill has access to sensitive tools including 'Bash' (for 'git push' and 'gh pr create') and 'Write'/'Edit' for file modification.
- Sanitization: Absent; no escaping or validation of analyzed code is performed before it is processed by the agent.
Audit Metadata