create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands: `git` to analyze the repository state and `gh pr create` to submit pull requests to GitHub. These actions are aligned with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from git commit messages and file diffs into its analysis. Ingestion points: Git commit messages and file diffs (Step 1). Boundary markers: No explicit markers or instructions are provided to the agent to distinguish between git data and control instructions. Capability inventory: The skill possesses the ability to create pull requests (`gh pr create`), which is a network-based write operation. Sanitization: The skill does not perform any sanitization or validation on the content retrieved from the git repository before processing it.
Audit Metadata