html-pr-review
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes common developer tools including
git diff,grep, andrg(ripgrep) to perform analysis of the local repository and retrieve surrounding code context for functions modified in a pull request. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from external sources.
- Ingestion points: The skill reads pull request titles, descriptions, and code hunks from git diffs or user-provided GitHub URLs (SKILL.md).
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the diff or description are provided to the agent.
- Capability inventory: The skill uses
git,grep, andrgfor read operations and writes the final HTML artifact to the~/artifacts/directory. - Sanitization: The instructions do not specify any sanitization or escaping for the external pull request content before it is interpolated into the generated HTML artifact.
- [SAFE]: All identified behaviors are consistent with the skill's stated purpose of assisting in code reviews. No malicious intent, data exfiltration, or unauthorized privilege escalation patterns were detected.
Audit Metadata