Skills
skills/glincker/claude-code-marketplace/pr-reviewer/Gen Agent Trust Hub

pr-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform git operations (git diff) and interact with the GitHub CLI (gh pr view, gh pr comment). These are standard behaviors for a development-focused tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from pull request diffs and descriptions without sanitization or boundary markers.
  • Ingestion points: PR details and code changes are ingested via git diff and gh pr view in Phase 1 of the SKILL.md instructions.
  • Boundary markers: Absent. The instructions for the five specialized sub-agents in Phase 2 do not include delimiters or instructions to ignore embedded commands within the code being analyzed.
  • Capability inventory: The skill has access to Bash (command execution), Write (file creation), and Task (agent spawning) across its workflow.
  • Sanitization: Absent. There is no evidence of input validation or escaping for the data retrieved from external sources before it is passed into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 11:48 PM
Security Audit — agent-trust-hub — pr-reviewer