Skills
skills/troykelly/codex-skills/pr-creation/Gen Agent Trust Hub

pr-creation

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill uses standard development tools for branch management and API interaction. Evidence: SKILL.md utilizes git fetch, git rebase, git push, and gh pr create commands.
  • PROMPT_INJECTION (MEDIUM): Vulnerable to indirect prompt injection where malicious content in source code, commit messages, or issue descriptions could influence the documentation generated for pull requests.
  • Ingestion points: Implementation details, commit history, and verification results are used to populate the PR body.
  • Boundary markers: None are specified in the templates to separate agent instructions from processed data.
  • Capability inventory: Includes the ability to push to remote branches and create Pull Requests via the GitHub CLI.
  • Sanitization: No sanitization or validation of the ingested repository content is performed before it is sent to the GitHub API.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 06:01 AM