octocode-pull-request-reviewer
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell git commands (git status, git diff, git branch, git log) to identify changes and retrieve diffs from the local working tree and staged area.
- [EXTERNAL_DOWNLOADS]: Visual assets and configuration documentation are fetched from the author's public GitHub repository (bgauryy/octocode-mcp), which is a well-known service.
- [REMOTE_CODE_EXECUTION]: The installation instructions recommend using npx to execute the octocode-mcp server and the npx add-skill command for installation, which is a standard method for Node.js-based agent tools.
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources such as Pull Request code, developer comments, and local file changes, creating an attack surface for indirect prompt injection.
- Ingestion points: Data enters the context through
githubSearchPullRequests(comments/metadata),git diff, andlocalGetFileContent(source code). - Boundary markers: Instructions do not specify explicit delimiters or "ignore embedded instructions" warnings when interpolating code changes into analysis prompts.
- Capability inventory: The agent has access to shell execution (
git), filesystem write permissions (.octocode/report directory), and network connectivity via the GitHub API tools. - Sanitization: No sanitization or validation of the ingested code content is performed before it is analyzed by the agent.
- [SAFE]: No obfuscation, hidden URLs, unauthorized data exfiltration, or unauthorized privilege escalation attempts were found in the skill's instructions or logic.
Audit Metadata