pull-request
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection because it reads and processes untrusted data from code diffs and specification files to generate natural language output.
- Ingestion points:
gh pr diff,gh pr view,git diff, and user-providedSPEC.mdfiles (SKILL.md Step 1). - Boundary markers: Absent. The instructions do not provide specific delimiters or warnings to the AI to ignore embedded instructions within the source material.
- Capability inventory: The skill can execute
gh pr create,gh pr edit, andgit push(SKILL.md Step 3). - Sanitization: Absent. There is no explicit logic to sanitize or escape the content gathered from the repository before it is processed by the LLM.
- [Command Execution] (SAFE): The skill executes shell commands using
gitandgh. This behavior is the primary intended purpose of the skill and uses standard patterns (like heredocs) to pass data to the CLI tools safely.
Audit Metadata