Skills
skills/gupsammy/claudest/push-pr/Gen Agent Trust Hub

push-pr

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local git repository history.
  • Ingestion points: scripts/format-pr-body.py uses git log and git diff to extract commit messages and file changes.
  • Boundary markers: Absent. Commit messages and diff statistics are directly interpolated into the PR body markdown.
  • Capability inventory: The skill utilizes Bash(git:*), Bash(gh:*), and Bash(python3:*) for its operations.
  • Sanitization: Absent. No escaping or validation is performed on commit messages or file paths before inclusion.
  • [DYNAMIC_EXECUTION]: The skill assembles shell commands using untrusted string data.
  • Evidence: In SKILL.md, the agent is instructed to run gh pr create --title "<title>" --body "<format-pr-body output>". The <title> and body content are derived from git history. If these contain shell metacharacters like backticks or subshells, they could be executed by the agent's shell environment during the tool call.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:41 PM