conventional-pull-requests

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Command Execution] (SAFE): The skill performs shell commands using git and gh to inspect repository state, push branches, and create pull requests. These operations are consistent with the tool's primary purpose.
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted repository content which could contain malicious instructions designed to manipulate the PR creation process.
    • Ingestion points: git log, git diff, and PR template files in the .github/ directory.
    • Boundary markers: None. The agent treats all ingested text as data without explicit markers to ignore embedded instructions.
    • Capability inventory: The agent can execute git push and gh pr create using generated arguments for titles and bodies.
    • Sanitization: No sanitization is performed on the data retrieved from the repository before it is used to draft the PR.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:33 PM