Skills
skills/leonvanzyl/agentic-coding-starter-kit/review-pr/Gen Agent Trust Hub

review-pr

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted data from GitHub pull requests.
  • Ingestion points: The skill fetches pull request metadata (title, body, comments) and code diffs using the gh pr view and gh pr diff commands in SKILL.md.
  • Boundary markers: The instructions do not define clear boundaries or 'ignore' directives to prevent the agent from obeying instructions embedded within the PR content.
  • Capability inventory: The skill uses the gh CLI tool and has the ability to spawn deep-dive sub-agents using the Agent tool.
  • Sanitization: There is no evidence of sanitization or filtering of the PR content before it is analyzed by the primary agent or passed to sub-agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 02:42 AM
Security Audit — agent-trust-hub — review-pr