create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various git commands (e.g.,
git branch,git status,git log,git diff) and GitHub CLI commands (gh pr create,gh auth status) to facilitate the PR creation workflow. - [COMMAND_EXECUTION]: A local shell script (
scripts/estimate-base-branches.sh) included within the skill package is executed to help identify suitable base branches for the Pull Request based on committer dates and branch divergence. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it processes untrusted data from the local repository (such as PR templates, commit messages, and code diffs) to generate titles and descriptions.
- Ingestion points: Git diff output, commit history, and repository-specific PR templates (e.g.,
.github/pull_request_template.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the processed repository data are provided.
- Capability inventory: The skill has the capability to execute PR creation via the
ghCLI or GitHub MCP. - Sanitization: No sanitization or validation of the ingested repository content is performed before it is used to construct the final PR draft.
Audit Metadata