Skills
skills/gn00678465/agentskills/pull-request/Gen Agent Trust Hub

pull-request

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and git to perform repository operations such as viewing PR status, pushing branches, and creating/editing pull requests. It correctly uses --body-file to handle multi-line descriptions safely.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from the repository's commit history to generate PR titles and descriptions.
  • Ingestion points: Commit messages and file diffs are retrieved via git log --oneline and git show --stat in SKILL.md.
  • Boundary markers: The skill lacks explicit delimiters or instructions for the AI to ignore embedded commands within the commit messages being analyzed.
  • Capability inventory: The agent can modify remote repository state via gh pr create, gh pr edit, and git push operations.
  • Sanitization: The skill follows a secure pattern of writing description content to a temporary file (pr-body.md) before using it with the CLI, though the generated PR title is interpolated directly into the command string.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 08:00 AM