review-pr
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill methodology relies entirely on standard, read-only version control commands (git log, git diff, git show) and the GitHub CLI (gh pr view) to gather context for a review.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted external data, including pull request descriptions, commit messages, and repository source code, which are potential vectors for indirect prompt injection.
- Ingestion points: Pull request metadata via gh pr view, commit history via git log, and file contents via git show (SKILL.md).
- Boundary markers: The instructions do not define specific delimiters for separating untrusted content from the agent's instructions, though they emphasize independent judgment.
- Capability inventory: The skill is limited to shell execution of standard Git and GitHub CLI commands. It does not contain file-write, arbitrary network requests, or privilege escalation capabilities.
- Sanitization: No explicit sanitization of command output is performed; the skill relies on the agent's analytical capabilities to distinguish between code content and instructions.
Audit Metadata