pr
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs expected development tasks using standard command-line tools without any suspicious behavior.
- [COMMAND_EXECUTION]: The skill executes local Git and GitHub CLI commands (
git log,git diff,gh repo view) to gather repository metadata and commit history. It also usesnodeorpythonto perform URL encoding on the generated text. These operations are restricted to the local environment and are used to facilitate the skill's primary function. - [DATA_EXFILTRATION]: The skill processes local repository data (commit messages and code diffs) to populate the PR title and body. This data is incorporated into a URL targeting
github.com(a well-known, trusted service). Because the skill requires the user to manually click the generated link and the target is a trusted domain, the data exposure is intentional and safe. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted data from commit logs and diffs.
- Ingestion points: Git logs and diffs are read in
SKILL.md(Step 5). - Boundary markers: Absent — there are no specific instructions to ignore instructions embedded within the git logs.
- Capability inventory: The skill has the ability to run
git pushand execute shell commands for URL encoding inSKILL.md. - Sanitization: The skill uses
encodeURIComponent(Step 7) to sanitize the data before it is interpolated into the final URL. - Since the output is a URL that must be manually reviewed and clicked by the user, the risk is negligible.
Audit Metadata