wrap
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the repository to generate PR content. Ingestion points: The skill reads repository state via git status, git diff, and git log in SKILL.md. Boundary markers: No delimiters or specific instructions are used to separate the code diffs from the agent's instructions. Capability inventory: The skill can execute git and gh commands and invoke the /handoff skill. Sanitization: No sanitization or content validation is performed on the data retrieved from the repository before it is interpolated into PR templates.
- [COMMAND_EXECUTION]: The skill executes git and gh (GitHub CLI) commands to manage version control and Pull Requests. These operations are essential for the skill's primary purpose and utilize well-known technology tools and services.
Audit Metadata