github-create-pr

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill executes local shell commands (git and gh). This is the intended purpose of the skill and uses standard, well-known CLI tools.
  • [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it interpolates untrusted user data into shell commands.
  • Ingestion points: Untrusted data enters via user-specified titles (--title), bodies (--body), and labels (--label) in the gh pr create command.
  • Boundary markers: Absent. There are no instructions or delimiters to isolate user-provided text from the command structure.
  • Capability inventory: The skill possesses the capability to execute arbitrary subprocesses through the shell via the gh tool.
  • Sanitization: Absent. The skill does not provide instructions for escaping special shell characters (like backticks, semicolons, or dollar signs) in user input, which could lead to command injection.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 08:51 AM