mr-description-generator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute local shell commands (
git log,git diff). These are standard read-only operations used to gather context for the MR description, but they do involve direct interaction with the host's shell. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface Detected.
- Ingestion points: The skill ingests untrusted data from the output of
git diff develop...HEADin Step 1. - Boundary markers: Absent. The instructions do not define delimiters to separate the diff data from the agent's instructions.
- Capability inventory: The skill possesses command execution capabilities (
gitcommands) and text generation capabilities. - Sanitization: Absent. There are no instructions to the agent to ignore or sanitize embedded instructions found within code comments, string literals, or documentation in the diff output.
- Risk: An attacker could commit code containing "hidden" instructions (e.g., in a comment) that attempt to manipulate the AI's categorization of changes or the content of the final MR description.
Audit Metadata