gh-create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the official GitHub CLI (gh) to create pull requests, which is a legitimate use of a well-known service tool for its intended purpose.
- [PROMPT_INJECTION]: The skill summarizes code changes into PR descriptions, creating a surface for indirect prompt injection.
- Ingestion points: Summarizes code changes and feature descriptions from the agent's context.
- Boundary markers: Uses quoted HEREDOC ('EOF') in SKILL.md to prevent shell evaluation of the summarized content.
- Capability inventory: Executes 'gh' CLI commands to interact with remote repositories.
- Sanitization: Relies on shell-safe templates that prevent variable expansion during command execution.
Audit Metadata