git-branch-pr-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to perform Git operations and execute a local helper script (scripts/pr-context.sh) for context gathering. These operations are aligned with the skill's primary purpose of repository management.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from repository content.\n
- Ingestion points: scripts/pr-context.sh ingests untrusted data from the repository (SKILL.md and scripts/pr-context.sh) using git log (commit messages) and git diff (code changes).\n
- Boundary markers: The script lacks delimiters or instructions to the agent to disregard potential commands found within the commit history.\n
- Capability inventory: The agent possesses Bash execution capabilities and access to GitHub MCP tools for pull request manipulation across all scripts.\n
- Sanitization: No sanitization or filtering is performed on the commit messages or diffs before they are presented to the agent's context.
Audit Metadata