pr
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses git and the GitHub CLI (gh) to perform development operations such as branching, staging changes, committing, and managing the pull request lifecycle. These tools are used according to standard industry practices.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. 1. Ingestion points: Pull request metadata, descriptions, and code diffs are ingested using 'gh pr view' and 'gh pr diff' as specified in 'references/review.md'. 2. Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are implemented in the provided markdown templates. 3. Capability inventory: The agent has the capability to execute terminal commands including git (checkout, commit, push) and gh (create, comment, review). 4. Sanitization: There is no evidence of sanitization or filtering of the external pull request content before it is processed by the agent.
Audit Metadata