create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `git push` and `gh pr create` as part of its core workflow. These commands are standard for the tool's stated purpose of pull request automation and are invoked with appropriate flags for user assignment.
- [PROMPT_INJECTION]: The skill processes untrusted input from commit messages, existing pull requests, and documentation to generate PR titles and descriptions, creating a surface for indirect prompt injection.
  - Ingestion points: Git history and repository documentation (SKILL.md lines 7 and 18).
  - Boundary markers: No specific delimiters or instructions are provided to help the agent distinguish between data and instructions within the ingested content.
  - Capability inventory: Shell execution for branch pushing and PR creation.
  - Sanitization: No explicit sanitization or verification of the data extracted from commits is performed before it is used to generate PR content.
Audit Metadata