Skills
skills/jh941213/my-claude-code-asset/commit-push-pr/Gen Agent Trust Hub

commit-push-pr

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard version control commands (git status, git diff, git log, git push) and interaction with the GitHub API via the GitHub CLI (gh pr create). These commands are necessary for the skill's stated functionality.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from the repository's file changes to generate automated text.
  • Ingestion points: The agent reads data from git diff and git log output into its context to summarize changes (found in SKILL.md).
  • Boundary markers: Absent; the instructions do not define delimiters or provide warnings to the agent to ignore potentially malicious instructions embedded within the file diffs.
  • Capability inventory: The skill has access to the Bash tool, enabling it to read files, execute shell commands, and perform network operations via git and gh (found in SKILL.md).
  • Sanitization: Absent; there is no logic to sanitize or validate the content of the files being committed before they are used to populate commit messages or PR bodies.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 07:46 PM