Skills
skills/mastra-ai/mastra/pr-explainer/Gen Agent Trust Hub

pr-explainer

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute git commands including git status, git log, git diff, and git show to collect information about pull requests and code changes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from pull request diffs and commit messages.
  • Ingestion points: Content from git diff, git log, and git show outputs are processed to generate the HTML report.
  • Boundary markers: The instructions do not specify any markers or delimiters to isolate untrusted code content from the analysis logic.
  • Capability inventory: The skill has the capability to execute shell commands (git) and write files to the local .pr-review/ directory.
  • Sanitization: There is no mention of sanitizing or escaping the content retrieved from the git repository before it is included in the generated HTML.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 10:10 AM