git-pr-create

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of local git and gh commands to manage branch status, view repository metadata, and create pull requests. These are standard operations for the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill retrieves commit subjects and messages via git log to automatically generate titles and descriptions for pull requests. This constitutes an indirect prompt injection surface as the agent processes untrusted data from the repository's history. However, the risk is limited to the content of the generated PR and is inherent to the tool's primary function of summarizing development changes.
      • Ingestion points: SKILL.md (via git log commands)
      • Boundary markers: None specified for the $TITLE and $BODY variable interpolations
      • Capability inventory: Local command execution via git and gh CLI tools
      • Sanitization: No sanitization of commit history metadata is shown before use in PR generation
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 09:35 PM