pr-review-companion

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the gh (GitHub CLI) to perform operations such as viewing PR details (gh pr view) and fetching diffs (gh pr diff). These commands are executed based on user-provided PR URLs or numbers.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and summarize untrusted content from GitHub Pull Requests, which could include malicious instructions intended to manipulate the agent's behavior.
      • Ingestion points: Pull request titles, descriptions, and commit metadata fetched via the gh CLI (SKILL.md).
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing the retrieved PR content.
      • Capability inventory: The agent has the capability to execute shell commands (via the gh tool) and perform local file system operations (creating and reading files in the .review-notes/ directory).
      • Sanitization: There is no evidence of sanitization or filtering applied to the external data before it is presented to the agent for analysis.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 17, 2026, 02:37 PM