pr-ready
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes arbitrary commands defined in local project files.
- Evidence: Step 2 instructions the agent to read
AGENTS.mdorMakefileand run the commands found there (lint, typecheck, test, build). A malicious repository could use these files to trigger harmful local commands when the user runs the skill. - [PROMPT_INJECTION]: The skill processes untrusted repository data which could contain malicious instructions.
- Ingestion points: The skill reads
AGENTS.md,Makefile,CHANGELOG.md,.github/pull_request_template.md, and git commit messages. - Boundary markers: No delimiters or ignore-instructions are specified for the ingested content.
- Capability inventory: The skill has terminal access to run git, the GitHub CLI (gh), and any command defined in the Makefile.
- Sanitization: No sanitization is performed on commit messages or file content before they are interpolated into the PR description or executed.
Audit Metadata