pr-code-review

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core workflow involves processing untrusted external data from GitHub Pull Requests.
  • Ingestion points: The skill ingests Pull Request titles, descriptions, and code diffs using gh pr view and gh pr diff as described in the "Step-by-step" section of SKILL.md.
  • Boundary markers: There are no instructions or patterns provided to use delimiters or specific warnings to ignore instructions that might be embedded within the PR content.
  • Capability inventory: The skill utilizes the gh api tool to perform write operations, such as posting review comments and verdicts (Step 6), which could be manipulated by a successful injection.
  • Sanitization: The skill lacks steps to sanitize, validate, or escape the content of the Pull Request before it is included in the agent's context for analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 05:32 AM
Security Audit — agent-trust-hub — pr-code-review