pr-workflow-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes standard command-line utilities including git, gh, and bun. It includes instructions to use 'fish -c' for command execution recovery, which is a form of dynamic shell wrapping.
- [PROMPT_INJECTION] (LOW): The skill presents an Indirect Prompt Injection surface (Category 8). It processes potentially untrusted code changes to generate PR titles and descriptions. Evidence Chain: (1) Ingestion points: local file changes and repository content; (2) Boundary markers: none defined; (3) Capability inventory: 'git push' and 'gh pr create'; (4) Sanitization: none implemented.
Audit Metadata