create-pull-request

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local CLI tools including git and gh to perform repository operations such as fetching branches, checking status, and creating pull requests. This includes load-time context gathering via !git status and !git log.
  • [DATA_EXFILTRATION]: Transmits repository metadata, code diffs, and commit summaries to GitHub via the official gh CLI tool. As GitHub is the intended destination and a well-known service, this is considered expected behavior.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes external data.
      • Ingestion points: Commit history via git log, code diffs via git diff, and pull request templates found in the repository.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present for the ingested content.
      • Capability inventory: Subprocess execution of git and gh commands.
      • Sanitization: No sanitization of commit messages or template content is performed before interpolation into the PR body.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 09:31 AM