pr-ready
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several powerful shell commands including `git merge`, `git push`, and `gh pr edit`. While these are part of the intended workflow, they are executed based on repository state and variables derived from file content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the local repository to influence agent behavior and output.
- Ingestion points: The skill reads commit history using `git log`, functional specifications from `docs/specs/`, and PR templates from `.agents/pr-template.md` (SKILL.md).
- Boundary markers: There are no explicit instructions or delimiters provided to the agent to prevent it from following commands that might be embedded within commit messages or documentation files.
- Capability inventory: The agent has the ability to push code (`git push`), merge branches (`git merge`), and edit PR metadata (`gh pr edit`) based on the processed data (SKILL.md).
- Sanitization: The skill lacks explicit sanitization or escaping mechanisms for the content retrieved from the repository before it is used to construct shell commands or PR summaries.
Audit Metadata