create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it reads and processes data that could be controlled by an external source (e.g., file content via
git diff). - Ingestion points:
SKILL.md(Processes data fromgit diff,git status, and the user-supplied argument[description of the changes]). - Boundary markers: Absent. The skill does not instruct the agent to use specific delimiters or ignore instructions embedded in the file content during the automated PR creation process.
- Capability inventory:
SKILL.md(Capabilities include file staging, committing changes, and creating pull requests via thegitandghtools). - Sanitization: Absent. There is no mention of sanitizing or escaping the data before it is used to construct commit messages or pull request titles.
Audit Metadata