octocat
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard git and gh CLI commands to perform repository operations such as branch management, PR creation, and issue tracking. These operations are within the stated scope and follow best practices for git workflows.
- [PROMPT_INJECTION]: The skill is designed to process data from external GitHub URLs (issues, PRs, comments). While this creates an ingestion surface for untrusted content, the skill uses structured CLI tools (gh/git) which provide a layer of isolation compared to direct evaluation.
- Ingestion points: GitHub issue content, pull request descriptions, and commit messages fetched via gh/git as specified in SKILL.md.
- Boundary markers: No explicit delimiters are defined in the instructions to separate untrusted web content from agent instructions during processing.
- Capability inventory: Execution of shell commands (git, gh) and temporary file creation (cat > /tmp/pr-body.md) as defined in SKILL.md.
- Sanitization: No explicit sanitization or validation of the content fetched from GitHub URLs is described in the skill logic.
Audit Metadata