pr-writer
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill performs routine command execution by invoking
gitand the GitHub CLI (gh). These tools are used to inspect repository state, retrieve commit logs, calculate diffs, and interact with the GitHub API for creating or updating pull requests.\n- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it reads and processes external data (code diffs and commit messages) to generate pull request descriptions. Malicious content within the git history could potentially influence the agent's behavior during description generation.\n - Ingestion points: The agent analyzes the output of
git logandgit diffin Step 2.\n - Boundary markers: There are no explicit instructions or delimiters used to separate the analyzed code content from the agent's internal logic, making it possible for instructions within the diff to be interpreted.\n
- Capability inventory: The skill possesses the ability to perform write actions via the GitHub API (
gh pr create,gh api), which could be targeted by an injection attack.\n - Sanitization: No sanitization or validation is performed on the git data before it is processed by the LLM.\n- [EXTERNAL_DOWNLOADS]: The skill references documentation hosted on
develop.sentry.dev. These links provide engineering guidelines and are official resources from the vendor (getsentry).
Audit Metadata