pr-creation

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected.
      • Ingestion points: The skill reads branch names, commit messages via 'git log', code changes via 'git diff', and pull request templates from the '.github/' directory.
      • Boundary markers: The skill uses shell heredoc syntax (EOF) to prevent command injection at the shell level, but it has no logical delimiters that would keep the agent from being influenced by instructions embedded in commit messages or templates.
      • Capability inventory: The skill has access to the 'Bash' tool to execute 'gh' and 'git' commands, as well as 'Read', 'Grep', and 'Glob' for file system access.
      • Sanitization: There is no evidence that text retrieved from git history or templates is sanitized or validated before it is incorporated into PR titles and descriptions.
  • [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute 'git' and 'gh' commands. This behavior is necessary for the skill's primary purpose of managing pull requests and follows the principle of using the GitHub CLI for these operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 11:07 PM