Skills
skills/helderberto/skills/create-pull-request/Gen Agent Trust Hub

create-pull-request

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from untrusted repository content.
  • Ingestion points: The skill reads and processes the output of git log and git diff, and it searches for and reads pull request templates from various locations (e.g., .github/pull_request_template.md).
  • Boundary markers: No markers are used to isolate untrusted data from the agent's core instructions.
  • Capability inventory: The skill has the capability to perform write operations including git push and gh pr create.
  • Sanitization: No sanitization or filtering is applied to the content extracted from commit messages or templates before it is used to generate the PR metadata.
  • [COMMAND_EXECUTION]: The skill uses git and gh (GitHub CLI) for repository management and PR creation. While these are high-privilege tools, the skill incorporates safety rules such as "NEVER force push to main/master" and "NEVER push without user confirmation if already on main/master" to mitigate the risk of repository corruption.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:23 AM