pr-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands using git and the GitHub CLI (gh) to perform operations such as identifying staged changes, creating feature branches, and submitting pull requests.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and summarizes untrusted content from the repository's git diffs.
      • Ingestion points: Repository content and commit history are accessed via git diff --cached --name-only and git diff <base-branch>...HEAD.
      • Boundary markers: The skill lacks explicit delimiters or instructions to ignore commands embedded within the analyzed code or commit messages.
      • Capability inventory: The agent has the ability to execute shell commands (git, gh) and perform external lookups via the mcp__tavily__tavily_search tool.
      • Sanitization: No sanitization, escaping, or validation of the repository content is performed before it is processed by the model for summarization.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 06:25 AM