create-pull-request
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection from repository content.
- Ingestion points: Processes output from `git diff` and `git log` to summarize changes (SKILL.md), which can contain untrusted content from commit messages or code diffs.
- Boundary markers: Uses a quoted heredoc ('EOF') for shell interpolation in the `gh pr create` command. While this is a secure bash pattern for preventing simple expansion, it is susceptible to boundary escape if the generated PR body contains the delimiter string 'EOF'.
- Capability inventory: Executes `git` context commands and `gh pr create` for remote repository operations.
- Sanitization: No explicit sanitization or filtering of the git output is performed before it is processed by the agent or interpolated into the final PR creation command.
Audit Metadata