create-pr

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill analyzes code changes (untrusted data) from git diffs and logs to determine the PR type, scope, and summary. A malicious actor could embed instructions in the code being analyzed to influence the agent's PR generation or its subsequent actions. Evidence chain:
    1. Ingestion points: the output of git diff --stat and git log in Step 2.
    2. Boundary markers: absent when the diff data is processed; nothing separates untrusted diff content from the skill's own instructions.
    3. Capability inventory: git push and gh pr create (write/execute capability reachable after the untrusted data is read).
    4. Sanitization: none.
  • Command Execution (MEDIUM): The PR title is interpolated directly into a shell command in Step 4 (gh pr create --title "<type>(<scope>): <summary>"). Because the summary sits inside a double-quoted shell string, shell metacharacters the agent generates there, such as backticks or $(...) command substitution, would be expanded and executed by the host shell rather than passed literally to gh.
  • Dynamic Execution (MEDIUM): The skill uses shell interpolation for the PR body template via a heredoc in Step 4. The heredoc delimiter is single-quoted ('EOF'), which prevents the shell from expanding variables and command substitutions inside the heredoc body itself, but the body is still text the agent composes from untrusted diff content, so the agent remains responsible for safely constructing the string it hands to the shell.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:55 AM