pr-creation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill is vulnerable to instructions embedded in the repository's history or code.
      • Ingestion points: The skill ingests untrusted data from git log and git diff to generate PR titles and descriptions.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the repository data as untrusted content.
      • Capability inventory: The skill possesses the capability to execute Bash commands and use the GitHub CLI (gh) to create resources on remote repositories.
      • Sanitization: While the implementation uses shell-safe HEREDOC patterns to prevent command injection, there is no sanitization to prevent the LLM from following instructions found within the commit messages it summarizes.
  • COMMAND_EXECUTION (SAFE): Legitimate Tool Usage. The skill utilizes git and gh commands strictly for their intended purposes within the PR creation workflow. No suspicious or high-risk command execution patterns (like sudo or piping remote scripts to bash) were identified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:32 PM