pr-review-loop
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from pull request comments and has the capability to modify and push code.
  - Ingestion points: Pull request comments are fetched using the `get-review-comments.sh` script as described in `SKILL.md`.
  - Boundary markers: The skill contains a 'Be Skeptical of Reviews' section instructing the agent to evaluate suggestions critically, but it lacks technical delimiters or explicit 'ignore' instructions for the ingested data.
  - Capability inventory: The skill has access to code modification tools and uses `commit-and-push.sh` to execute shell commands for git operations.
  - Sanitization: There is no evidence of automated sanitization or validation of the comment content before it is processed by the agent context.
- [COMMAND_EXECUTION]: The skill executes multiple local bash scripts (`commit-and-push.sh`, `trigger-review.sh`, `summarize-reviews.sh`, `get-review-comments.sh`, `reply-to-comment.sh`) to interact with the environment. These scripts represent the execution surface for the agent's actions based on the processed review feedback.
Audit Metadata