html-pr-review

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted pull request descriptions and code diffs, which are external inputs that an attacker can control. This creates an indirect prompt injection surface: malicious instructions embedded in the PR content could influence the agent's analysis or report generation.
  • Ingestion points: Pull request diffs and author descriptions in SKILL.md.
  • Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are used for the ingested content.
  • Capability inventory: The skill can execute shell commands such as git, grep, and rg, and can write files to the local filesystem.
  • Sanitization: No sanitization or escaping of the ingested untrusted content is described.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 01:28 PM