skills/hifisaputra/skills/review-prs/Gen Agent Trust Hub

review-prs

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from GitHub Pull Requests. An attacker could potentially embed malicious instructions within a PR body or code comments to influence the AI's review behavior or output.
      • Ingestion points: PR metadata (titles, bodies) and code diffs are retrieved via gh pr list, gh pr view, and gh pr diff commands in SKILL.md.
      • Boundary markers: The skill does not employ explicit delimiters (e.g., XML tags) or specific instructions to the agent to treat PR content as untrusted data, increasing the risk of the agent following instructions embedded in the PR.
      • Capability inventory: The skill has the ability to post comments and reviews back to the GitHub repository using gh api and gh pr comment tools.
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from GitHub before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill relies on the GitHub CLI (gh) to perform all its primary functions, including listing pull requests, viewing diffs, and posting automated comments and reviews. These operations are executed through shell commands that incorporate variables generated by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 05:54 AM