update-pr
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local command-line tools, specifically the GitHub CLI ('gh') and Git, to perform its core functions of reading pull request data and applying updates to title and description fields.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes content from existing pull requests and code repositories that could contain adversarial instructions.
- Ingestion points: The skill retrieves the current PR body using 'gh pr view' and analyzes code changes via 'git diff' as described in SKILL.md.
- Boundary markers: There are no specific instructions or delimiters used to separate the analyzed repository content from the agent's task instructions.
- Capability inventory: The skill possesses the capability to write to the repository metadata via the 'gh pr edit' command.
- Sanitization: Data retrieved from the PR and code diffs is not sanitized or filtered for potential malicious instructions before processing.
- Mitigation: The skill implements a 'Confirm with User' requirement in Step 6, which uses 'AskUserQuestion' to force a manual review of the proposed title and description before the update is applied.
Audit Metadata