codex-pr-body
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [Tool Integration]: The skill utilizes external command-line tools including `git`, `gh` (GitHub CLI), and `sl` (Sapling SCM). These are standard tools for version control and repository management workflows.
- [Data Ingestion Surface]: The skill reads existing pull request bodies using `gh pr view` to preserve important information like images. This creates a surface for indirect prompt injection if a PR body contains malicious instructions, though the risk is low as the output is used to generate a new PR description.
- [Capability Scope]: The skill's operations are limited to reading repository state and updating pull request metadata (title and body). It does not perform arbitrary code execution or access sensitive system files outside the repository context.
Audit Metadata