skills/helderberto/skills/open-pr/Gen Agent Trust Hub

open-pr

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW (COMMAND_EXECUTION)

Full Analysis

The skill open-pr is defined in a markdown file and executes a single command: gh pr view --web. This command is part of the GitHub CLI, a well-known and trusted tool from GitHub.

Threat Category: Command Execution (LOW): The skill explicitly runs a shell command. However, the command gh pr view --web is specific, does not accept arbitrary user input, and is designed for a benign action (opening a web page). There is no indication of arbitrary command execution or shell injection vulnerabilities. The command itself is not inherently dangerous.

Threat Category: Unverifiable Dependencies (LOW): The skill relies on the gh (GitHub CLI) tool being installed and configured on the user's system. While gh is a legitimate and widely used tool from GitHub (a trusted organization), the skill itself does not manage its installation or verify its integrity. This is a common pattern for skills that wrap existing CLI tools. The risk is low because gh is a well-known, trusted binary, and the command used is benign.

No other threats, including Prompt Injection, Data Exfiltration, Obfuscation, Privilege Escalation, Persistence Mechanisms, Metadata Poisoning, Indirect Prompt Injection, or Time-Delayed/Conditional Attacks, were detected in the provided skill file.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 13, 2026, 10:18 AM