github-pr

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill provides numerous templates and executable examples for gh (GitHub CLI) and git commands. Specifically, the inclusion of gh pr create and gh pr merge --squash grants the agent the capability to perform state-changing operations on remote repositories.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill demonstrates a high-risk surface for indirect prompt injection when handling external content.
      • Ingestion points: The agent is expected to process external data including issue titles (e.g., Closes #123), PR descriptions, and code changes.
      • Boundary markers: None. The skill does not provide delimiters or instructions to ignore embedded instructions within the data it processes.
      • Capability inventory: Modifies repository state via gh pr create and gh pr merge (found in SKILL.md).
      • Sanitization: None. There is no guidance on escaping shell metacharacters or validating inputs before they are passed to the gh CLI as arguments (e.g., inside --title or --body). An attacker could inject malicious shell commands or override agent behavior by crafting a malicious issue or commit message.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:01 PM