create-pr
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No behavior-overriding instructions detected. The instructions follow clear procedural logic for PR management.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or unauthorized data exfiltration. The skill includes a 'security-auditor' sub-agent specifically designed to detect secrets in PR diffs, which is a significant security best practice.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill relies on standard, trustworthy development tools (gh CLI, npm, poetry). Sub-agents are used for analysis rather than executing arbitrary remote code.
- [Privilege Escalation] (SAFE): No use of sudo or modification of system-level permissions. All operations are performed within the user's git repository scope.
- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles or create background services/cron jobs.
- [Indirect Prompt Injection] (SAFE): While the skill processes untrusted git diffs via sub-agents (Category 8), this is the primary intended function of a PR review tool. The risk is mitigated by explicit prompting that restricts sub-agents to the PR scope and directs them to perform security audits.
- [Dynamic Execution] (SAFE): No use of unsafe deserialization or runtime code generation from untrusted sources.
Audit Metadata