gh-draft-pr
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates local git and gh CLI commands to extract repository information and create pull requests. It generates shell commands incorporating local repository data.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through ingestion of untrusted repository data.
  - Ingestion points: Local git commit messages, branch names, and pull request templates.
  - Boundary markers: Absent; the skill does not use specific delimiters to isolate untrusted data from instructions.
  - Capability inventory: Execution of subprocesses (git, gh) and writing temporary files to the local repository.
  - Sanitization: No evidence of escaping or validating branch names or commit messages before they are interpolated into the final PR body or CLI command.