Skills
skills/raine/workmux/open-pr/Gen Agent Trust Hub

open-pr

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bash tool to execute git status, git push, and gh pr create. These operations are used as intended to manage branches and initiate the Pull Request process.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it populates PR fields with unvalidated data from the local repository and conversation history.
  • Ingestion points: Data is pulled from git diff, git log, and the conversation context.
  • Boundary markers: There are no specific delimiters or instructions provided to the agent to treat this gathered content as untrusted.
  • Capability inventory: The skill has access to bash for shell commands and Read for file access.
  • Sanitization: There is no explicit sanitization of the generated title or body before interpolation into the gh command. However, the use of the --web flag ensures that the PR is not submitted automatically, requiring a human to review and approve the content in a browser.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 10:09 PM