pr-submit
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs several local command-line operations using
gitand the GitHub CLI toolgh. These operations are used to check repository status, diff changes, log history, push branches, and create pull requests. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from the repository that could be manipulated by an attacker.
- Ingestion points: Data is pulled into the agent context via
git diff(file content) andgit log(commit messages). - Boundary markers: No explicit markers or instructions are provided to the agent to ignore or delimit embedded instructions within the git output.
- Capability inventory: The skill has the ability to execute shell commands and interact with the GitHub API via the
ghtool, and it triggers further processing through/changelogand/pr-descriptionskills. - Sanitization: There is no evidence of sanitization or filtering of the repository data before it is passed to subsequent tools, which may use an LLM to interpret the content.
Audit Metadata