Skills
skills/forjd/agent-skills/github-pr/Gen Agent Trust Hub

github-pr

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local git repository to generate content for GitHub pull requests.
  • Ingestion points: The skill reads branch names, commit logs (git log), and file differences (git diff) in SKILL.md (Step 3 and 4).
  • Boundary markers: While shell-level heredocs are used to prevent command injection, there are no explicit instructions or delimiters for the LLM to ignore potentially malicious content found within the diffs or commit messages.
  • Capability inventory: The skill possesses the capability to execute git and gh CLI commands, which can write to the repository and submit code for review on GitHub.
  • Sanitization: The instructions do not define any sanitization or validation steps for the extracted text before it is interpolated into the PR title and body templates.
  • [COMMAND_EXECUTION]: The skill assembles and executes local shell commands using data derived from the repository environment.
  • Evidence: Step 6 in SKILL.md performs command substitution and shell execution using gh pr create with parameters derived from git output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 11:56 PM