pr
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes several git commands including 'git push', 'git checkout', and 'git reset --hard', alongside GitHub CLI ('gh') operations to manage branches and pull requests.
- [PROMPT_INJECTION]: The skill uses authoritative directives such as 'just do it, don't ask' and 'Do NOT ask for confirmation' for branch naming and PR creation, which attempt to bypass typical user verification for repository-modifying actions.
- [COMMAND_EXECUTION]: Calls local project scripts via 'npm run dev', creating an execution point that depends on the local environment's security.
- [PROMPT_INJECTION]: Subject to indirect prompt injection.
  - Ingestion points: retrieves commit messages via 'git log' and code changes via 'git diff' from the repository.
  - Boundary markers: No delimiters or ignore-instructions are used for processed data.
  - Capability inventory: Includes remote data transmission ('git push', 'gh pr create') and destructive local actions ('git reset --hard').
  - Sanitization: No validation or escaping of retrieved repository data is specified before interpolation.