devpilot-pr-creator
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions that significantly reduce human oversight by establishing an "automatic by default" operating mode. It explicitly directs the agent to skip confirmation steps for branch naming, commit messages, and the creation of pull requests, which could lead to unintended actions if the agent processes malicious data.
- [COMMAND_EXECUTION]: The skill makes extensive use of CLI tools including `git`, `gh` (GitHub CLI), and `glab` (GitLab CLI) to modify the repository state. These commands are executed based on the agent's interpretation of the codebase, which, combined with the lack of mandatory user approval, increases the risk of unauthorized or harmful repository changes.
- [DATA_EXFILTRATION]: The skill performs network operations via `git push` to remote servers. While this is standard for its purpose, the automated nature of these operations without a human-in-the-loop review process creates a risk where sensitive information could be pushed to a remote repository if the agent is manipulated or if secrets are present in the diff.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository's history and configuration files to determine its behavior.
  - Ingestion points: Data enters the agent's context through `git diff`, `git log`, and the reading of project files such as `Makefile`, `pyproject.toml`, or `package.json` across all files in the skill's scope.
  - Boundary markers: There are no boundary markers or instructions to the agent to disregard instructions that might be embedded in the code diffs or comments it reads.
  - Capability inventory: The skill has the capability to write to the local filesystem (via git), push code to remote repositories, and interact with the API of hosting providers like GitHub and GitLab.
  - Sanitization: There is no logic provided to sanitize or validate the content retrieved from the `git diff` before it is used to generate PR descriptions or select templates.
Audit Metadata