Skills
skills/laurigates/claude-plugins/git-upstream-pr/Gen Agent Trust Hub

git-upstream-pr

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the !command syntax) to execute read-only git diagnostic commands (such as git status, git remote, and git log) when the skill is loaded. This provides the agent with immediate situational awareness of the repository environment.
  • [COMMAND_EXECUTION]: The workflow consists of standard development operations using git and gh (GitHub CLI), including fetching remotes, stashing changes, cherry-picking commits, and creating cross-fork pull requests. All operations are aligned with the stated purpose of the skill.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the git environment, creating a surface for indirect prompt injection.
  • Ingestion points: Commit messages are read via git log and remote URLs are retrieved via git remote get-url (SKILL.md).
  • Boundary markers: Absent; the skill does not use specific delimiters to isolate external content from its own instructions.
  • Capability inventory: The skill has the ability to perform git push and gh pr create, which are powerful but necessary for its function.
  • Sanitization: The skill employs sed commands to parse and validate the structure of repository URLs before using them as arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 08:35 AM