Skills
skills/michael-menard/monorepo/wt-commit-and-pr/Gen Agent Trust Hub

wt-commit-and-pr

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various git and GitHub CLI (gh) commands to manage the repository state. While these are necessary for the skill's primary function, they involve significant system capabilities.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by reading from files defined by the user.
  • Ingestion points: The skill reads the contents of files provided in the PROOF_PATH and EVIDENCE_PATH parameters to construct the PR body.
  • Boundary markers: There are no explicit markers or instructions to the agent to treat the content of these files as untrusted or to ignore any instructions embedded within them.
  • Capability inventory: The skill can perform file system operations (git add), repository modifications (git commit), and network-facing operations (git push, gh pr create).
  • Sanitization: There is no evidence of content sanitization or validation before the data from external files is used to populate GitHub PR fields.
  • [PROMPT_INJECTION]: Parameters such as {STORY_ID} and {STORY_TITLE} are interpolated directly into shell command strings for committing changes and creating pull requests. If the execution environment does not properly escape these inputs, it could lead to command injection if the story title contains malicious shell characters.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 02:27 AM