create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill follows best practice by including explicit security validation steps, such as secret scanning and dependency auditing, before performing operations.\n- [PROMPT_INJECTION]: The skill processes untrusted data (git logs and diffs) to generate PR content, creating a surface for indirect prompt injection. However, this is inherent to its functionality for PR automation and is managed within a structured workflow, resulting in no escalation of risk.\n
- Ingestion points: Reads git commit messages and file diffs from the local repository (SKILL.md, Phase 1).\n
- Boundary markers: Absent; the skill relies on the LLM to interpret and format the data into a PR template.\n
- Capability inventory: Uses
gh pr createand variousgitcommands (SKILL.md, Phase 3).\n - Sanitization: No explicit sanitization of git log content is performed prior to inclusion in the PR body.
Audit Metadata