git-pull-request

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill constructs shell commands by interpolating branch names directly into git commands (e.g., git log <parent-branch>..<current-branch>). If a branch name contains shell metacharacters, it could lead to arbitrary command execution on the host.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection from repository data.
      1. Ingestion points: Git commit logs and diff outputs from Steps 2 and 3.
      2. Boundary markers: None; the skill lacks delimiters or instructions to ignore embedded commands in logs.
      3. Capability inventory: Execution of git commands and local file writing (PULL_REQUEST.md).
      4. Sanitization: None; commit messages are parsed and categorized directly without validation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 08:10 AM