create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via Git and GitHub CLI (gh) to manage the repository and submit pull requests. It also employs dynamic context injection (the !`command` syntax) within SKILL.md to retrieve repository metadata like authentication status and commit history at runtime.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection because it ingests and processes untrusted data from the local repository.
- Ingestion points: The skill specifically reads CONTRIBUTING.md and .github/PULL_REQUEST_TEMPLATE.md to guide its behavior.
- Boundary markers: No explicit delimiters or instructional safeguards are used to isolate content ingested from repository files from the agent's system instructions.
- Capability inventory: The agent possesses broad capabilities including execution of arbitrary Git and GitHub CLI commands, as well as running project-specific test and build scripts.
- Sanitization: The skill does not perform validation or sanitization of the content found in repository-level documentation or templates.
Audit Metadata