push
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including
git,gh,make, andmix. These are utilized for their standard functions in a software development lifecycle, such as pushing code, managing pull requests, and running local project validations. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted content from GitHub Pull Request bodies.
- Ingestion points: External data is retrieved from GitHub via the
gh pr view --json bodycommand inSKILL.md. - Boundary markers: No boundary markers or delimiters are used to isolate the ingested text from the agent's instructions.
- Capability inventory: The skill has significant capabilities including executing repository changes via
git pushand modifying metadata viagh pr createandgh pr edit. - Sanitization: The skill lacks evidence of sanitizing or filtering the ingested PR body text before it is processed by the agent or the
mix pr_body.checktool.
Audit Metadata