review-cloud
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its primary function of PR management using local scripts and the authenticated GitHub CLI to interact with GitHub, which is a well-known and trusted service. No privilege escalation or unauthorized data access was found.
- [PROMPT_INJECTION]: The skill inherently processes untrusted external content (GitHub PR comments and CI logs), creating a surface for indirect prompt injection.
- Ingestion points: External data is fetched via
scripts/fetch-pr-feedback.shandscripts/investigate-ci-failures.sh. - Boundary markers: Absent; the agent receives the raw output of the data-fetching scripts.
- Capability inventory: The skill has the capability to execute shell commands (
git,gh,pnpm), modify project files, and perform network requests via the GitHub API. - Sanitization: Absent. This finding is classified as safe because the processing of PR data is the core objective of the skill, and the instructions specifically provide an assessment protocol that requires the agent to verify all suggestions with evidence before acting.
Audit Metadata