skills/storybookjs/storybook/pr/Gen Agent Trust Hub

pr

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute the GitHub CLI command 'gh pr create'. It constructs the command line by interpolating the PR title, body content, and labels. While this involves executing shell commands with variable input, it is the primary and intended function of the skill.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it reads the '.github/PULL_REQUEST_TEMPLATE.md' file from the target repository to generate the PR body. A malicious repository could contain a template designed to influence the agent's output during the generation process.
  • Ingestion points: The file '.github/PULL_REQUEST_TEMPLATE.md' is read from the repository root.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when processing the template.
  • Capability inventory: The skill has access to the 'Bash' tool (for 'gh pr create') and the 'Read' tool.
  • Sanitization: There is no explicit sanitization or validation of the template content before it is processed or used in the command.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 09:14 AM