gh-pr-diff

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the gh (GitHub CLI) utility to fetch and display pull request diffs. This is an expected and legitimate use of developer tools.
  • [SAFE]: All network operations are directed towards GitHub, a well-known service for source control. No unauthorized network communication or data exfiltration attempts were found.
  • [SAFE]: Analysis of the instructions and examples shows no evidence of obfuscation, credential harvesting, or attempts to bypass security controls.
  • [SAFE]: Although the skill processes external data from pull requests (a surface for indirect prompt injection), it does not include instructions that would cause the agent to execute untrusted code or commands derived from that content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 11:26 PM
Security Audit — agent-trust-hub — gh-pr-diff