pr-review

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill processes untrusted PR diffs and metadata which could contain malicious instructions designed to hijack the agent's logic during the review process.
      • Ingestion points: Fetches PR content directly from GitHub's official API (documented in SKILL.md).
      • Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore embedded commands within the fetched diff content.
      • Capability inventory: Network access (via curl) and file system writes (writing tokens to TOOLS.md).
      • Sanitization: Absent. The data is processed as-is for the review workflow.
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the GitHub API by interpolating variables like {owner} and {repo} derived from user-provided URLs. This pattern relies on the execution environment to prevent shell injection if the inputs contain malicious characters.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 06:18 PM