Skills
skills/marcelorodrigo/agent-skills/create-pr/Gen Agent Trust Hub

create-pr

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill analyzes untrusted data from the local repository (commit messages and code diffs) to generate PR descriptions, creating a surface for injection.
  • Ingestion points: SKILL.md triggers the ingestion of repository data via git log and git diff commands.
  • Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions for the content read from the repository.
  • Capability inventory: The skill uses the gh CLI to create and edit Pull Requests and can interact directly with the GitHub API, allowing for modification of remote repository state.
  • Sanitization: Absent. There is no logic provided to sanitize or escape the content of the diffs or logs before they are interpolated into the PR body or shell commands.
  • Command Execution (LOW): The skill constructs and executes shell commands for git and gh. While these are the primary functions of the tool, the use of interpolated variables like PR_NUMBER and <description> requires the agent's runtime environment to properly escape inputs to prevent potential command injection in the local shell.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 04:53 PM