pull-request
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (LOW): The skill instructions contain language intended to override the agent's default decision-making process by claiming that direct commands will fail and that this skill must be invoked automatically without user request.
- COMMAND_EXECUTION (SAFE): The skill uses standard GitHub CLI (gh) and Git commands to perform intended tasks. It correctly uses a quoted heredoc (<<'EOF') in the PR creation command, which is a security best practice to prevent shell interpolation of the PR body content.
- INDIRECT_PROMPT_INJECTION (LOW):
  - Ingestion points: The skill reads and analyzes Git commit history and Jira ticket references from the working context.
  - Boundary markers: No specific delimiters or "ignore" instructions are provided to the agent when it is asked to analyze commit messages for the "WHY" of the changes.
  - Capability inventory: The skill can execute git push, gh pr create, and gh label create.
  - Sanitization: The skill does not explicitly sanitize commit messages before they are processed by the LLM to generate the PR description.
Audit Metadata