pr-reviewer

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill defines a robust and safe workflow for performing local code reviews. It uses internal reference files to guide the AI in identifying legitimate issues while ignoring stylistic or subjective preferences.
  • [COMMAND_EXECUTION]: The skill instructs the AI to run standard project scripts such as linting, type-checking, and testing found in the local package.json file. This is standard functionality for development-oriented agents and does not involve downloading or executing untrusted remote scripts.
  • [INDIRECT_PROMPT_INJECTION]: The ingestion points are local code diffs and branch comparisons, from which the skill ingests untrusted data. Boundary markers are not explicitly defined in the prompt instructions. The capability inventory includes executing local project scripts from the package.json file. Sanitization is achieved through the skill's mandatory validation steps and structured reporting format, which ensure the agent remains focused on the review task rather than executing embedded instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 26, 2026, 03:14 AM