create-pull-request
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs git and gh CLI commands to inspect repository state and create pull requests. It writes the PR body to a temporary file under /tmp/ so that large bodies are passed reliably and do not hit command-line length limits.
- [DATA_EXFILTRATION]: The skill performs git push, which sends local commits and history to the remote repository as a normal part of the pull request workflow. No transfer to any destination other than the configured remote was identified.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.
  1. Ingestion points: output of git log, git diff, and git branch from the local repository. Commit messages, branch names, and diff content are attacker-influenced in any repository that accepts outside contributions.
  2. Boundary markers: none. Repository metadata is placed into the agent's context during gathering without delimiters that mark it as untrusted data rather than instructions.
  3. Capability inventory: subprocess calls to git and gh, and file writes to /tmp/.
  4. Sanitization: the PR body is passed via the --body-file flag, which avoids shell quoting and argument-length issues. Note that this protects the shell invocation only; it does not neutralize instructions embedded in the ingested git output, so the missing boundary markers in item 2 remain the open gap.
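The two controls discussed above, the temp-file body passed with --body-file and the boundary markers the audit notes are absent, as an added shell example. This is illustrative code written for this page, not the audited skill's own implementation; the marker format, the function names, and the section layout of the body are assumptions.

```sh
#!/bin/sh
# Added example (not the audited skill's code). POSIX sh.
set -eu

# Wrap untrusted repository metadata (git log / diff / branch output) in
# explicit boundary markers so a model reading the PR body can tell data from
# instructions. The marker text is an assumed convention for this example.
wrap_untrusted() {
  label="$1"
  printf '<<<UNTRUSTED %s START>>>\n' "$label"
  cat                      # pass bytes through verbatim; no shell expansion
  printf '\n<<<UNTRUSTED %s END>>>\n' "$label"
}

# Assemble the PR body in a private temp file and print its path.
# Writing to a file sidesteps ARG_MAX and every quoting pitfall that
#   gh pr create --body "$(git log ...)"
# would carry; the commit text never becomes part of a command line.
# Callers obtain log_text/diff_text from e.g. "$(git log --oneline base..HEAD)".
build_pr_body() {
  summary="$1"
  log_text="$2"
  diff_text="$3"
  body_file="$(mktemp "${TMPDIR:-/tmp}/pr-body.XXXXXX")"
  {
    printf '## Summary\n%s\n\n' "$summary"
    printf '## Commits (untrusted, verbatim)\n'
    printf '%s' "$log_text" | wrap_untrusted "git log"
    printf '\n## Diff stat (untrusted, verbatim)\n'
    printf '%s' "$diff_text" | wrap_untrusted "git diff --stat"
  } > "$body_file"
  printf '%s\n' "$body_file"
}

# Create the PR from the file. Only invokes gh when it is installed; otherwise
# prints the argv so the exact call can be reviewed.
create_pr() {
  title="$1"
  base="$2"
  body_file="$3"
  if command -v gh >/dev/null 2>&1; then
    gh pr create --title "$title" --base "$base" --body-file "$body_file"
  else
    printf 'would run: gh pr create --title "%s" --base "%s" --body-file "%s"\n' \
      "$title" "$base" "$body_file"
  fi
}

# Usage (not executed here):
#   f="$(build_pr_body "Fix parser" "$(git log --oneline main..HEAD)" "$(git diff --stat main..HEAD)")"
#   create_pr "Fix parser" main "$f"; rm -f "$f"
```

The markers do not stop a model from reading a hostile commit message; they give the consuming prompt a reliable way to state that everything between them is data. Pair them with an instruction in the system prompt that text inside the markers must never be followed as a command.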
Audit Metadata