generate-pr-description
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing various
gitcommands (e.g.,git diff,git log,git rev-parse) to extract information about code changes and repository state. It also executes local Node.js scripts for utility tasks like clipboard management. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from the repository's git history.
- Ingestion points: Commit messages and file names are read from the repository using
git logandgit diffinSKILL.md(Workflow steps 2 and 3). - Boundary markers: The prompt does not utilize delimiters or specific instructions to distinguish between the content of commit messages and the agent's instructions, making it possible for a malicious commit message to influence agent behavior.
- Capability inventory: The skill has the capability to execute git commands, read/write local files (such as
skills-configs.jsonandpr-description.md), and interface with the system clipboard using local scripts. - Sanitization: No validation or filtering is applied to the git history data before it is incorporated into the LLM prompt for generating the PR description.
Audit Metadata