pr-desc

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation specifies the use of npx to download and run the ai-pr-desc package directly from the npm registry.
  • [REMOTE_CODE_EXECUTION]: Execution of an unverified third-party package (ai-pr-desc by LXGIC Studios) via npx constitutes remote code execution in the user's environment.
  • [COMMAND_EXECUTION]: The skill requires the user to execute shell commands such as npx ai-pr-desc and use piping mechanisms like pbcopy.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data from git branch changes and code diffs.
      • Ingestion points: Git branch changes and code diffs read from the local repository.
      • Boundary markers: None; there are no instructions to use delimiters or ignore instructions embedded within the processed code changes.
      • Capability inventory: CLI command execution (npx) and network connectivity for communication with the OpenAI API.
      • Sanitization: None; the documentation does not indicate any filtering or escaping of git diff content before it is sent to the LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 05:15 AM