pr-review-triage

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes pull request comments authored by external parties.
      • Ingestion points: Data retrieved from GitHub via gh pr view and gh api in SKILL.md.
      • Boundary markers: The skill does not define clear delimiters or "ignore" instructions to help the agent distinguish its instructions from the ingested content.
      • Capability inventory: The skill uses the gh CLI for read operations; the body explicitly restricts the agent from writing files or posting network responses based on the triaged data.
      • Sanitization: No sanitization or validation of the comment content is performed before processing.
  • [COMMAND_EXECUTION]: The skill utilizes the gh CLI to interact with GitHub and performs shell commands with user-supplied parameters.
      • Evidence: Uses gh pr view <number-or-url> and gh api calls to fetch data.
      • Risk: User-provided inputs such as PR numbers or URLs are directly interpolated into shell commands, which could lead to command injection if the underlying agent does not properly escape the arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 10:20 PM