github-pr-reviewer
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses legitimate tools (gh pr view, gh pr diff) to inspect pull request data, which is consistent with its purpose.
- [SAFE]: The agent is specifically restricted to providing feedback only in the console and is prohibited from posting to GitHub or modifying code, which prevents unauthorized actions.
- [SAFE]: While the skill ingests external data from pull requests, representing an indirect injection surface, the risk is mitigated by the restricted output channel and lack of write permissions.
  1. Ingestion points: Pull request content in SKILL.md.
  2. Boundary markers: None.
  3. Capability inventory: Limited to reading data and console output.
  4. Sanitization: None.
Audit Metadata