git-pr-workflows-pr-enhance
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script in
resources/implementation-playbook.mdusessubprocess.runto executegit diffcommands on the local system. This allows the agent to interact with the host's version control system to extract repository data. - [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8) by processing unvetted content from git diffs and commit messages.
- Ingestion points: Data enters the agent context through
analyze_changesandgenerate_pr_descriptioninresources/implementation-playbook.md, which read diff outputs and commit history. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat data from the repository as untrusted or to ignore instructions embedded within code comments or commit logs.
- Capability inventory: The skill possesses capabilities for local command execution (
git) and structured text generation based on the inputs. - Sanitization: No validation or sanitization is performed on the ingested repository data before it is interpreted or used to generate outputs.
Audit Metadata