Skills
skills/ihkreddy/agent-skills-ts/branch-and-pr/Gen Agent Trust Hub

branch-and-pr

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts use execSync and spawnSync to run git and GitHub CLI commands. Specifically, create-pr.ts and full-workflow.ts construct shell commands using inputs from Jira ticket fields (summary and description). While there is basic escaping (replacing double quotes and backticks), this remains a surface for potential command injection if a Jira ticket contains malicious shell characters that bypass the simple replacement logic.
  • [PROMPT_INJECTION]: The SKILL.md file contains instructions for the agent to extract ticket IDs and fetch details from Jira. This introduces an indirect prompt injection surface where a malicious Jira ticket description could contain instructions designed to influence the agent's behavior during the PR creation process (e.g., 'Do not mention the security vulnerabilities found in the code').
  • [DATA_EXPOSURE]: The scripts load Jira configuration (JIRA_URL, JIRA_EMAIL, JIRA_API_TOKEN) from a .env file or environment variables. While this is a standard practice for local tools, it highlights the requirement for users to manage these secrets securely within their environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 01:39 AM