gh-pr-create
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted commit messages and diff data to generate pull request content, presenting an indirect prompt injection surface.\n
- Ingestion points: Commit history and diffs in
SKILL.mdStep 3.\n - Boundary markers: Absent. No delimiters are used to separate untrusted git data from the prompt.\n
- Capability inventory: Subprocess execution of
gh pr createandgit push.\n - Sanitization: No programmatic sanitization is present, but the 'Iron Law' requiring user preview and approval acts as a manual check.\n- [COMMAND_EXECUTION]: The skill executes multiple shell commands using
gitandghto manage repository state.\n - Evidence: Script blocks in
SKILL.mdcontain instructions for authenticated GitHub CLI operations.
Audit Metadata