create-pr
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill recommends setting the environment variable
GIT_SSL_NO_VERIFY=1for shell commands in SKILL.md. This disables SSL/TLS certificate verification, which is a security bypass that allows connections to unverified or malicious remote servers. - [DATA_EXFILTRATION]: Disabling SSL verification via
GIT_SSL_NO_VERIFY=1facilitates potential data exfiltration or credential interception, as traffic between the agent and GitHub can be monitored or modified by an attacker through Man-in-the-Middle (MitM) techniques. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of repository content.
- Ingestion points: The skill reads commit messages and code differences via
git logandgit diffin Step 1 of SKILL.md. - Boundary markers: Absent. There are no instructions or delimiters provided to prevent the agent from executing instructions found within the ingested data.
- Capability inventory: The skill uses
gitandghtools to perform shell execution and network communication as defined in SKILL.md. - Sanitization: Absent. Content from the repository is directly used to populate the PR title and body without validation or sanitization.
Audit Metadata