pr-publish-agent

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from external sources (issue tracker) and interpolates it into command-line arguments for the GitHub CLI.
      • Ingestion points: The skill reads Parent issue ID, Parent issue URL, and /orchestra-config.json.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat input as data rather than instructions.
      • Capability inventory: The skill uses git push and gh pr create via subprocess calls.
      • Sanitization: No sanitization or validation of the issue-id or issue-url is performed before interpolation into the gh command.
  • Command Execution (SAFE): The skill uses standard tools (git, gh) for its primary purpose. There is no evidence of arbitrary or malicious command execution outside of its documented functionality.
  • Data Exposure (SAFE): While the skill reads a configuration file (/orchestra-config.json), this is a local project configuration and does not target system-level sensitive files like SSH keys or environment secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 12:28 PM