yeet
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official GitHub CLI (gh) and standard git commands for all repository operations. All external targets, such as anthropics/claude-code, openai/codex, and biomejs/biome, are trusted organizations or well-known services.
- [SAFE]: Secure command execution is implemented using HEREDOC syntax with quoted delimiters ('EOF'). This prevents shell variable expansion and command injection when passing AI-generated PR titles, issue bodies, or discussion content to the gh CLI.
- [COMMAND_EXECUTION]: The skill invokes several legitimate command-line tools, including git, gh, claude, codex, and biome, as well as a local utility script get-macos-version.sh. These executions are strictly limited to the skill's primary purpose of facilitating developer contributions.
- [INDIRECT_PROMPT_INJECTION]: The skill analyzes external data such as code diffs, commit messages, and repository issue templates to summarize changes and generate content.
  - Ingestion points: Reads data via git diff, git log, and gh search (found in references/create-pr.md and references/create-issue.md).
  - Boundary markers: Uses HEREDOC delimiters for shell safety; however, it does not implement specific text-based delimiters to isolate ingested data from LLM instructions in the generated prompt context.
  - Capability inventory: Performs repository metadata reads/writes and creates remote GitHub resources via the gh CLI.
  - Sanitization: The skill relies on the LLM's internal safety filters and HEREDOC formatting rather than explicit content sanitization of the analyzed diffs or logs.
Audit Metadata