pr-creator
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by processing potentially untrusted data from the repository environment.
  - Ingestion points: Reads the contents of `.github/PULL_REQUEST_TEMPLATE.md` from the local repository (SKILL.md).
  - Boundary markers: No delimiters or safety instructions are used to distinguish the template content from the agent's system instructions.
  - Capability inventory: The agent has access to shell commands via `git` and `gh` (SKILL.md).
  - Sanitization: The skill does not validate or sanitize the template content before integrating it into the prompt for drafting the pull request.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute standard command-line tools including `git` (for branch management, status, and pushing) and `gh` (for pull request creation). These are used for their intended primary purpose within the scope of pull request automation.
Audit Metadata