Skills
skills/dhruvanbhalara/skills/github-pr/Gen Agent Trust Hub

github-pr

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from commit logs.
  • Ingestion points: Commit messages are read via git log origin/main..HEAD --oneline in the 'Generate PR Description' section.
  • Boundary markers: None. The content of commit messages is directly interpolated into the PR description without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill has the capability to execute subprocess commands via the GitHub CLI (gh).
  • Sanitization: No sanitization, filtering, or escaping is applied to the commit history before it is used to generate the PR body.
  • [COMMAND_EXECUTION]: The skill uses string interpolation to construct shell commands for the GitHub CLI.
  • The gh pr create command uses <title> and <body> variables derived from untrusted commit history. If a commit message contains shell metacharacters such as backticks, semicolons, or command substitutions (e.g., $(...)), it could lead to arbitrary command execution when the agent runs the generated bash block.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 10:46 AM