reader-protocol-pr-review

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands, specifically git, to compare commits and branches in a local directory (/Users/pfefferle/Code/wp-calypso) as part of its review process.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external services by using the GitHub CLI (gh api) to post review comments and replies to the Automattic/wp-calypso repository. These network operations target a trusted organization.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to process untrusted external data (Pull Request diffs, descriptions, and comments).
      • Ingestion points: Pull Request diffs, branch content, and PR metadata processed in SKILL.md.
      • Boundary markers: The skill does not specify any delimiters or instructions to ignore potential instructions embedded within the PR content.
      • Capability inventory: The skill can execute local git commands and write to GitHub via gh api.
      • Sanitization: No sanitization or filtering of the ingested PR data is mentioned in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 10:30 PM
Security Audit — agent-trust-hub — reader-protocol-pr-review