github-pull-request

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability surface detected. The skill ingests untrusted data from the repository being processed to generate pull request descriptions.
      • Ingestion points: pull_request_template.md and git logs/diffs are read into the agent context (Workflow steps 2 and 3).
      • Boundary markers: Absent. The instructions do not specify delimiters to isolate repository content from agent instructions.
      • Capability inventory: The skill can execute shell commands via gh and curl, and has access to the GITHUB_TOKEN environment variable.
      • Sanitization: Absent. The skill populates templates directly from git history without filtering for potential command patterns or instruction overrides.
  • COMMAND_EXECUTION (SAFE): The skill uses git, gh (GitHub CLI), and curl to perform its intended functions. While these are powerful tools, their use here is restricted to the primary purpose of the skill and includes a required user review step (Workflow step 5) which serves as a critical security boundary.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 23, 2026, 02:58 AM