github-pull-request
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface for indirect prompt injection as it processes data from the local repository.
- Ingestion points: The skill reads file contents, diffs, and commit history from the target repository using git commands.
- Boundary markers: Absent. The skill does not use delimiters or explicit instructions to the AI to ignore instructions embedded in the analyzed code.
- Capability inventory: The skill has the capability to write to GitHub (creating PRs) and output content to the chat interface.
- Sanitization: Absent. There is no evidence of escaping or validation of the data pulled from the repository before it is used to generate PR titles and descriptions.
- [Command Execution] (SAFE): The skill executes standard, read-only git commands (
git diff,git log,git status) to gather context. No arbitrary command execution or shell injection patterns were detected. - [Prompt Injection] (SAFE): While the skill enforces a specific 'chill dude' persona and an English-only requirement, these are behavioral constraints and do not attempt to bypass core AI safety filters.
Audit Metadata