pr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- SAFE (SAFE): The skill uses standard developer tools (git, gh) for their intended purposes without any malicious patterns.
- COMMAND_EXECUTION (SAFE): Shell commands are restricted to local repository metadata gathering and PR submission via the official GitHub CLI.
- DATA_EXFILTRATION (SAFE): Communication is limited to official GitHub APIs via the gh tool for the purpose of PR creation.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill ingests untrusted data from git logs and diffs. Evidence: 1. Ingestion points: git diff, git log (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: gh pr create (pr-creation.md). 4. Sanitization: Absent. While a malicious commit message could theoretically influence the PR description, the impact is limited to the text of the PR body.
Audit Metadata