create-pr
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands (git, gh, npx) to manage repository state and create pull requests. These actions are aligned with the skill's stated purpose and use standard industry tools.
- [PROMPT_INJECTION]: The skill processes untrusted data from git diffs and commit messages (ingestion point: `git diff` in SKILL.md). While boundary markers are not explicitly used in the prompt interpolation, the skill enforces a strict output schema and uses quoted HEREDOCs (<<'EOF') to sanitize data during command execution (gh pr create), mitigating risks associated with malicious content in the diff.
- [EXTERNAL_DOWNLOADS]: The skill utilizes npx to run tsc and eslint. This involves well-known developer tools from the official npm registry, which is a standard and safe practice in modern development workflows.
Audit Metadata