pr-create

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git and gh (GitHub CLI) to automate branch validation, code pushing, and pull request creation.
  • [COMMAND_EXECUTION]: Executes project-specific npm scripts (lint, test, build, sonar) to perform pre-push validation.
  • [COMMAND_EXECUTION]: Uses a node one-liner to read local configuration data from the vendor-provided .wednesday/config.json file.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from git commit logs and branch names to generate PR titles and descriptions.
    • Ingestion points: Git commit history and branch names.
    • Boundary markers: None.
    • Capability inventory: Bash shell execution for PR creation.
    • Sanitization: The skill implements a mandatory human-in-the-loop step, requiring the developer to review and approve the generated content before any commands are executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 04:34 AM