Skills
skills/tobihagemann/turbo/update-pr/Gen Agent Trust Hub

update-pr

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from GitHub pull request content and commit history.
  • Ingestion points: Fetches PR details via gh pr view and commit history via git diff (SKILL.md).
  • Boundary markers: The instructions do not specify any delimiters or safety warnings to ignore embedded instructions within the PR body or commit messages.
  • Capability inventory: The skill has the capability to write to the repository using gh pr edit and execute local shell commands via git.
  • Sanitization: No explicit sanitization or validation of the fetched external content is performed before processing.
  • Mitigation: The skill includes a human-in-the-loop checkpoint (AskUserQuestion in Step 6) before applying the update, which mitigates the risk of automated malicious actions.
  • [COMMAND_EXECUTION]: The skill executes shell commands to interact with the local git repository and the GitHub CLI.
  • Evidence: Uses gh pr view, git diff, and gh pr edit (SKILL.md).
  • Safety: In Step 7, the skill uses a heredoc with a quoted delimiter (cat <<'EOF') when applying the PR update. This is a security best practice that prevents shell expansion or command injection from the generated body content during execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 11:00 PM