Skills
skills/ravnhq/ai-toolkit/agent-pr-creator/Gen Agent Trust Hub

agent-pr-creator

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git commands (git diff, git log, git status) and GitHub CLI commands (gh pr list, gh pr create). It dynamically assembles the gh pr create command using multi-line strings derived from commit history, which requires careful agent handling to prevent shell injection or malformed command execution.
  • [PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface because it reads and summarizes untrusted data from the repository's git history.
  • Ingestion points: Analyzes outputs from git log --oneline and git diff in Phase 2 and Phase 4 of the SKILL.md workflow.
  • Boundary markers: Absent; there are no specific delimiters or guardrail instructions to ensure the agent ignores potentially malicious commands hidden within commit messages or code comments.
  • Capability inventory: The skill has access to the Bash tool and performs authenticated network operations via the gh CLI.
  • Sanitization: No explicit sanitization or filtering of commit messages is mentioned before they are interpolated into the pull request title and body.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 07:01 PM