open-pr
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
bunxto download and execute the@willbooster/agent-skillspackage from the NPM registry. This package belongs to the skill's author and contains the logic for creating pull requests. - [COMMAND_EXECUTION]: The skill executes the
open-prcommand to automate the pull request workflow. It uses a quoted here-document (<<'EOF') to pass the pull request description, which is a security best practice that prevents the shell from interpreting variables or commands within the PR body text.
Audit Metadata