ce-commit-push-pr
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local git and gh (GitHub CLI) commands to manage repository state, including staging changes, creating commits, pushing branches, and managing pull requests.
- [COMMAND_EXECUTION]: Employs dynamic command execution syntax (
!git status) within the SKILL.md file to pre-populate context with local git state. These commands are used for benign informational purposes and are typical for development-focused automation. - [PROMPT_INJECTION]: The skill processes untrusted data from git logs and pull request descriptions which could be used for indirect prompt injection. It mitigates this risk through several security controls: 1. Ingestion points: Data is gathered from
git log,git diff, andgh pr view. 2. Boundary markers: Uses quoted heredoc sentinels (e.g.,<<'__CE_PR_BODY_END__') in shell scripts to ensure generated content is treated as literal data and not interpreted by the shell. 3. Capability inventory: Includes the ability to commit code and update pull request metadata. 4. Sanitization: Explicitly instructs the agent to escape shell-sensitive characters like backticks and dollar signs when processing variables like PR titles.
Audit Metadata