write-pr-description
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from git commits and diffs to generate pull request descriptions. Malicious instructions embedded in the repository's history could attempt to manipulate the agent's output or subsequent actions.
- Ingestion points: The agent is instructed to read git commit history and branch diffs as input data.
- Boundary markers: No explicit delimiters or boundary markers are defined to isolate the untrusted diff content from the agent's instructions.
- Capability inventory: The skill utilizes the `gh pr create` command, which allows the agent to interact with and modify remote repositories.
- Sanitization: There is no evidence of sanitization or filtering applied to the data retrieved from git before it is analyzed by the agent.
- [COMMAND_EXECUTION]: The skill relies on executing the `gh` (GitHub CLI) utility to perform its core functionality.
- Evidence: The integration section explicitly directs the agent to execute `gh pr create` to submit the drafted descriptions.
Audit Metadata