Skills
skills/cygnusfear/agent-skills/create-pr/Gen Agent Trust Hub

create-pr

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the git and gh (GitHub CLI) tools to interact with the local repository and the GitHub API. This includes commands like git log, git diff, gh issue view, and gh pr create which are necessary for its primary functionality.
  • [PROMPT_INJECTION]: The skill contains a directive to suppress tool attribution ('Do NOT include "Generated with Claude Code" or similar tool attribution footers'), which instructs the agent to hide its AI identity in external pull request descriptions.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill processes untrusted data from external sources.
  • Ingestion points: The skill reads data from git branch, gh issue list, gh issue view, git log, and git diff in SKILL.md (Steps 1 and 2).
  • Boundary markers: Absent. The template does not use specific delimiters to isolate potentially malicious instructions embedded in commit messages or issue descriptions.
  • Capability inventory: The skill possesses the capability to execute shell commands via gh pr create (SKILL.md).
  • Sanitization: No explicit sanitization or validation of the ingested strings is performed before they are interpolated into the PR body template.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 11:31 AM