cmd-pr-build-context
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted repository content, creating a surface for indirect prompt injection.\n
- Ingestion points: The skill reads untrusted data from
git diffoutput, file lists viagit ls-files, and project documentation files likeREADME.md,CLAUDE.md, andAGENTS.md.\n - Boundary markers: No specific delimiters or explicit instructions to ignore embedded commands are used to wrap the ingested content.\n
- Capability inventory: The skill is restricted to read-only Git and GitHub CLI operations and does not possess capabilities for file modification, arbitrary shell execution, or network exfiltration.\n
- Sanitization: No sanitization or filtering is applied to the repository content before it is processed by the agent.
Audit Metadata