pr-process
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is vulnerable to malicious instructions embedded within the data it processes. Ingestion points: Processes external content from
.github/PULL_REQUEST_TEMPLATE.mdand user-provided commit messages. Boundary markers: No delimiters or safety instructions are used to isolate untrusted data from the agent's logic. Capability inventory: The skill possesses 'write' capabilities via theghCLI and the execution ofscripts/pr-create.sh. Sanitization: There is no evidence of input validation or escaping before data is passed to execution tools. - Command Execution (MEDIUM): The skill explicitly relies on executing shell commands and local scripts. Evidence: References
scripts/pr-create.shandgh pr createin the instruction steps. Risk: These capabilities allow the agent to modify repository state or run local logic, which can be exploited if the agent is subverted through its data ingestion points.
Recommendations
- AI detected serious security threats
Audit Metadata