html-pr-review

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes common developer tools including git diff, grep, and rg (ripgrep) to perform analysis of the local repository and retrieve surrounding code context for functions modified in a pull request.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from external sources.
  • Ingestion points: The skill reads pull request titles, descriptions, and code hunks from git diffs or user-provided GitHub URLs (SKILL.md).
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the diff or description are provided to the agent.
  • Capability inventory: The skill uses git, grep, and rg for read operations and writes the final HTML artifact to the ~/artifacts/ directory.
  • Sanitization: The instructions do not specify any sanitization or escaping for the external pull request content before it is interpolated into the generated HTML artifact.
  • [SAFE]: All identified behaviors are consistent with the skill's stated purpose of assisting in code reviews. No malicious intent, data exfiltration, or unauthorized privilege escalation patterns were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 05:31 AM
Security Audit — agent-trust-hub — html-pr-review