create-pr
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes the Bash tool to run git operations for branch management and the GitHub CLI for creating and monitoring pull requests as part of its primary workflow.
- [COMMAND_EXECUTION]: Executes local project scripts, such as npm or pytest commands, to validate code quality and test coverage prior to PR submission.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of a playground plugin from a trusted organization's official plugin marketplace to generate visual PR previews.
- [PROMPT_INJECTION]: Features an indirect prompt injection surface through the ingestion of external data. 1. Ingestion points: User-supplied PR titles and agent activity logs. 2. Boundary markers: Employs HEREDOC delimiters in shell commands to encapsulate the PR body. 3. Capability inventory: Access to Bash, Skill, and Cron tools. 4. Sanitization: Lacks explicit sanitization for interpolated agent activity summaries and user arguments.
Audit Metadata