create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill uses standard tools (git, gh) for its intended purpose of managing pull requests and labels.- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests untrusted data from the repository environment.
- Ingestion points: Data enters the agent's context through 'git log', 'git diff', and the content of '.github/pull_request_template.md'.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between the template content and the system's operational instructions.
- Capability inventory: The skill possesses the capability to execute shell commands via 'git' and the GitHub CLI ('gh') within 'SKILL.md' and the 'references/labels.md' script.
- Sanitization: The 'references/labels.md' script includes regex validation and a whitelist for scope labels, which helps mitigate risks associated with processing external PR titles for labeling purposes.
Audit Metadata