gitcode-pr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches and processes a pull request template (.gitee/PULL_REQUEST_TEMPLATE.zh-CN.md) from the upstream GitCode repository. If an attacker controls this remote template, they could include instructions designed to influence the agent's behavior.
- Ingestion points: SKILL.md (Workflow Step 5 fetches the template via `git show`).
- Boundary markers: Absent; the template content is used directly as the PR body.
- Capability inventory: git push, gitcode_create_issue, and gitcode_create_pull_request allow the agent to perform repository actions.
- Sanitization: Uses basic `sed` for placeholder replacement, which does not filter for instructional content.
Audit Metadata