skills/tanabee/skills/create-pr-text/Gen Agent Trust Hub

create-pr-text

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run gh issue view, git log, and git show. These commands are standard for extracting project context but represent a vector for command execution if the agent is influenced by malicious input.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from GitHub issues and commit messages.
    • Ingestion points: Data is retrieved from GitHub issues via gh issue view and from the repository's commit history via git log (SKILL.md).
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to separate untrusted issue content from its core instructions, increasing the risk that the agent might follow commands embedded within the fetched data.
    • Capability inventory: The skill is authorized to use the Bash and Write tools, which provide the means to interact with the file system and execute shell commands (SKILL.md).
    • Sanitization: No sanitization or validation of the fetched issue content or commit messages is performed before the data is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 01:47 PM