pr-review-workflow
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The AGENTS.md file defines a 'Session gate' that requires the agent to run 'compose-agentsmd' before responding to any user message, so the tool is executed at the start of every interaction, before the user's request is processed.
- [EXTERNAL_DOWNLOADS]: The skill requires external resources: it instructs the agent to install 'compose-agentsmd' via 'npm install -g' and fetches global rules from 'github:metyatech/agent-rules@HEAD' via the 'agent-ruleset.json' configuration. The '@HEAD' reference is a moving pointer rather than a pinned commit, so the rules fetched can differ from one session to the next without any change to the skill itself; an 'npm install -g' that does not pin a version has the same property.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection:
  1. Ingestion points: PR review feedback and notifications addressed in 'SKILL.md'.
  2. Boundary markers: absent; no instructions delimit processed PR content or tell the agent to disregard instructions found inside it.
  3. Capability inventory: shell execution ('compose-agentsmd', 'npm'), Git operations, and GitHub API operations ('DELETE', 'POST').
  4. Sanitization: absent; retrieved PR content is not validated before processing.
  Taken together, text from PR review feedback, which the skill ingests without delimiting or validating it, reaches an agent that can run shell commands and make write (POST/DELETE) calls to the GitHub API.
Audit Metadata