Skills
skills/everyinc/compound-engineering-plugin/ce-pr-description/Gen Agent Trust Hub

ce-pr-description

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from commit messages, file diffs, and existing pull request bodies.
  • Ingestion points: Commit messages (git log), file diffs (git diff), and existing pull request metadata (gh pr view).
  • Boundary markers: The instructions do not mandate delimiters or instructions for the agent to ignore embedded prompts in the ingested data.
  • Capability inventory: The skill executes shell commands (git, gh) and writes to local temporary files.
  • Sanitization: No sanitization of the retrieved repository content is performed before it is used for description generation.
  • [COMMAND_EXECUTION]: The skill uses git and the GitHub CLI (gh) to retrieve repository state and pull request data.
  • [EXTERNAL_DOWNLOADS]: Pull request data and diffs are fetched from GitHub repositories using official tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 25, 2026, 07:36 PM