create-pr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to run repository-specific quality gates such as lint, tests, and build. Because these commands are defined in the repository being worked on, they could execute arbitrary code if the repository is malicious.
- [EXTERNAL_DOWNLOADS] (LOW): The workflow suggests installing external tools like bun or the GitHub CLI (gh) if they are not present. While it correctly mandates asking the user for permission, installing software via an AI agent involves inherent risks.
- [PROMPT_INJECTION] (LOW): (Category 8 - Indirect Prompt Injection): The skill possesses an attack surface for indirect injection as it processes untrusted repository files to generate PR descriptions and runs shell commands based on repo content.
- Ingestion points: Local repository files and branch names.
- Boundary markers: None specified in the instructions.
- Capability inventory: Shell execution (git, gh, bun, npm), network access (via gh).
- Sanitization: No explicit sanitization or validation of repository-provided script names or content.