send-it
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection. The skill summarizes data from git logs and code diffs, which are untrusted external inputs.
  - Ingestion points: SKILL.md (Step 2: outputs of git log, git diff --stat, and git diff).
  - Boundary markers: Absent; the skill prompt does not define clear delimiters for the ingested git data during the drafting phase.
  - Capability inventory: Capabilities include file system writing (Write), branch pushing (git push), and pull request creation (gh pr create).
  - Sanitization: The skill mitigates risks by requiring user confirmation via AskUserQuestion before final execution and by using the Write tool to store the PR body in a temporary file to prevent direct shell injection.
- [COMMAND_EXECUTION]: Executes local system commands via the Bash tool. The skill relies on standard git and gh (GitHub CLI) tools to inspect repository state and automate the PR workflow.
Audit Metadata