Skills
skills/jacehwang/harness/pr/Gen Agent Trust Hub

pr

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute gh pr create and gh pr edit commands where the --body and --title arguments are populated using data derived from git log, git diff, and gh pr view. This creates a shell injection vulnerability because these git outputs are untrusted and can contain shell metacharacters (e.g., backticks, semicolons, or quotes) that allow an attacker to break out of the intended command and execute arbitrary code on the host system.\n- [PROMPT_INJECTION]: The skill processes untrusted data from the repository's history and existing PRs to generate content, creating an indirect prompt injection surface.\n
  • Ingestion points: Data enters via git log, git diff, and gh pr view --json body.\n
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing this data.\n
  • Capability inventory: The skill has the ability to perform git push and modify pull requests via gh pr create/edit.\n
  • Sanitization: No validation or escaping of the extracted commit messages or PR bodies is performed before they are used in shell commands or prompt synthesis.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 05:52 AM