Skills
skills/toilahuongg/shopify-agents-kit/git-pr/Gen Agent Trust Hub

git-pr

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the bash tool to run git and gh commands. Specifically, it uses git branch, git remote, git log, and git diff to gather context about changes, and optionally uses gh pr create to submit the pull request. All commands are standard and restricted to the git and gh binaries.
  • [SAFE]: No malicious behavior, obfuscation, or unauthorized data exfiltration patterns were identified. The skill operates on local repository data to fulfill its documented purpose.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted content from commit messages and code diffs. * Ingestion points: Data is read from git log and git diff output in SKILL.md. * Boundary markers: No specific markers are used to delimit untrusted git data from instructions. * Capability inventory: The skill can execute git and gh commands. * Sanitization: There is no sanitization of the input data extracted from the repository history.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 09:14 PM