gh-create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
gitandghcommand-line interfaces to push code to remotes and interact with the GitHub API for PR management.\n- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it processes.github/pull_request_template.mdfrom the repository, which could contain instructions intended to manipulate the agent.\n - Ingestion points: Repository-level markdown files (
.github/pull_request_template.md).\n - Boundary markers: The skill uses shell heredocs (
<<'EOF') to isolate the body content during temporary file creation.\n - Capability inventory: The agent can push to remote branches and create PRs via the GitHub CLI.\n
- Sanitization: While no automated sanitization is present, the skill enforces a mandatory human preview and confirmation step before final execution, effectively mitigating injection risks.\n- [SAFE]: No malicious behavior, obfuscation, or unauthorized data access was detected. The operations performed are appropriate for the skill's stated purpose.
Audit Metadata