pr-description-concise-markdown
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Metadata poisoning detected. The skill's frontmatter description claims it 'Checks the internal consistency of a software project, fixes any issues found', which directly contradicts the instructions in the prompt body that state 'Do not change any files' and limit the scope to writing a PR description. This inconsistency can lead to user confusion regarding the skill's intended behavior.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the git environment without sanitization.
- Ingestion points: Data enters the context via
git logandgit diffoutputs processed by the Bash tool. - Boundary markers: The prompt does not define any delimiters or provide instructions to ignore potentially malicious content embedded within commit messages or code changes.
- Capability inventory: The skill has access to
ReadandBashtools, allowing it to interact with the file system and execute shell commands. - Sanitization: There is no evidence of escaping, filtering, or validation of the content retrieved from git commands before it is processed by the AI.
Audit Metadata