git-pr
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several system commands via the Git and GitHub CLI (git, gh) to perform actions such as creating branches, committing changes, pushing code, and managing pull requests. These are standard operations for its stated purpose.
- [DATA_EXFILTRATION]: In references/create.md and references/draft.md, the instructions explicitly recommend using git add . to stage all changes. This presents a risk of accidental sensitive data exposure (such as credentials, API keys, or private configuration files) if they are present in the workspace and not correctly listed in the .gitignore file.
- [PROMPT_INJECTION]: The review workflow in references/review.md involves reading untrusted content from external sources, specifically PR titles, descriptions, and comments. This constitutes an indirect prompt injection surface where a malicious PR author could embed instructions to manipulate the agent's review logic or behavior.
Audit Metadata