ado-create-pr
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (`!command`) to execute several shell commands upon loading to establish the repository's current state, including `git status`, `git branch`, and `git log`. These commands are used for context retrieval within the development environment.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes untrusted content from the repository's git history and file diffs to generate pull request descriptions.
  - Ingestion points: Untrusted data enters the agent context through the output of `git diff` and `git log` commands in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the ingested git data as potentially untrusted or to ignore embedded instructions.
  - Capability inventory: The skill allows the agent to perform write operations including `git push` and creating/updating pull requests via MCP tools.
  - Sanitization: The skill does not implement sanitization or validation of the content retrieved from the repository before using it to generate PR metadata.
Audit Metadata