create-pr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Checks: PROMPT_INJECTION, NO_CODE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface, as it ingests untrusted code changes via git diff to generate descriptions. Evidence:
  1. Ingestion point: git diff output.
  2. Boundary markers: Not mentioned in documentation.
  3. Capability inventory: Git commit, git push, and API write access for issues and PRs.
  4. Sanitization: Not mentioned in the provided documentation.
- NO_CODE (SAFE): The primary Python scripts (full_auto_pr.py and repo_api.py) were not included in the skill content, limiting the analysis to documentation and reference guides.
- COMMAND_EXECUTION (SAFE): The skill utilizes standard git and python commands for local automation tasks, which is expected behavior for its stated purpose.
- DATA_EXFILTRATION (SAFE): The skill interacts with GitHub and GitLab APIs. These are trusted sources for repository management, and no unauthorized exfiltration patterns were detected.
Audit Metadata