gh-pr-diff
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
gh(GitHub CLI) utility to fetch and display pull request diffs. This is an expected and legitimate use of developer tools. - [SAFE]: All network operations are directed towards GitHub, a well-known service for source control. No unauthorized network communication or data exfiltration attempts were found.
- [SAFE]: Analysis of the instructions and examples shows no evidence of obfuscation, credential harvesting, or attempts to bypass security controls.
- [SAFE]: Although the skill processes external data from pull requests (a surface for indirect prompt injection), it does not include instructions that would cause the agent to execute untrusted code or commands derived from that content.
Audit Metadata