pr-code-review
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core workflow involves processing untrusted external data from GitHub Pull Requests.
- Ingestion points: The skill ingests Pull Request titles, descriptions, and code diffs using
gh pr viewandgh pr diffas described in the "Step-by-step" section ofSKILL.md. - Boundary markers: There are no instructions or patterns provided to use delimiters or specific warnings to ignore instructions that might be embedded within the PR content.
- Capability inventory: The skill utilizes the
gh apitool to perform write operations, such as posting review comments and verdicts (Step 6), which could be manipulated by a successful injection. - Sanitization: The skill lacks steps to sanitize, validate, or escape the content of the Pull Request before it is included in the agent's context for analysis.
Audit Metadata