pr-review
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [SAFE]: The skill implements a sophisticated PR review workflow designed to minimize bias through subagent isolation. No malicious patterns, obfuscation, or unauthorized access were detected.
- [COMMAND_EXECUTION]: The skill utilizes `git` and the GitHub CLI (`gh`) to retrieve PR diffs and publish review findings. These actions are transparent and necessary for the skill's stated purpose of reviewing code changes.
- [PROMPT_INJECTION]: The skill processes untrusted data from PR diffs and descriptions as part of its review function, creating a surface for indirect prompt injection.
  - Ingestion points: PR diffs, PR descriptions, and specifications are retrieved via the GitHub API and user input (SKILL.md).
  - Boundary markers: The subagent prompts do not specify explicit delimiters or instructions to ignore embedded commands for the untrusted content they analyze.
  - Capability inventory: The skill has capabilities to read/write PR comments and update commit statuses via the GitHub CLI (SKILL.md).
  - Sanitization: No explicit sanitization or filtering of the untrusted diff content is performed before analysis.
Audit Metadata