wf7-pr
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses git and the GitHub CLI (gh) to push branches and create or edit pull requests. These commands are executed using information derived from the repository's local files.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through its handling of local documentation.
  1. Ingestion points: The skill reads content from 01_KICKOFF.md, 02_SPEC.md, and 03_PLAN.md.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation ingestion process.
  3. Capability inventory: The skill can execute shell commands using git and gh.
  4. Sanitization: The skill does not specify any sanitization or escaping procedures for the content extracted from documentation files before it is interpolated into shell command strings.