update-pr
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
gh(GitHub CLI) tool to update PR metadata.\n - Evidence: Found in
SKILL.mdunder the 'Applying The Update' section:gh pr edit <number> --title "<title>" --body-file <file>.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external, untrusted content from pull requests.\n - Ingestion points: Workflow step 1 in
SKILL.mdspecifies reading the current PR title, body, and branch diff.\n - Boundary markers: Absent. There are no instructions to treat the ingested data as data rather than instructions, allowing embedded commands in PRs to potentially influence agent behavior.\n
- Capability inventory: The skill can execute CLI commands (
gh pr edit) and write to the local file system to draft the PR body (SKILL.md).\n - Sanitization: Absent. There is no logic provided to sanitize or escape the content read from the PR before it is used to draft the new metadata.
Audit Metadata