Skills
skills/0xdeafcafe/skills/review-pr/Gen Agent Trust Hub

review-pr

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes gh and git CLI tools to retrieve pull request metadata and code diffs. The execution environment is restricted by the allowed-tools frontmatter, which scopes access to specific toolsets.
  • [DATA_EXFILTRATION]: The skill reads data from pull requests and, in comment mode, posts findings back to the GitHub PR using gh pr comment. This is consistent with the skill's primary function and occurs within the established tool boundaries.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from pull request diffs, bodies, and comments.
  • Ingestion points: Pull request metadata and diffs retrieved via gh pr view and gh pr diff (SKILL.md, Phase 1).
  • Boundary markers: The skill includes a specific mitigation in the 'Operating rules' section, instructing the agent to treat PR content as untrusted input and disregard any embedded instructions.
  • Capability inventory: The agent possesses the ability to execute Git/GitHub commands and dispatch sub-tasks via the Task and Skill tools.
  • Sanitization: Relies on instructional guardrails rather than explicit data sanitization or structural isolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 02:07 AM
Security Audit — agent-trust-hub — review-pr