github-pr-review

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted code from Pull Requests, creating an indirect prompt injection surface.
    • Ingestion points: Pull Request diffs and file contents are analyzed by the agent to generate review comments (README.md, SKILL.md).
    • Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat the PR content as untrusted or to ignore embedded instructions during the analysis phase.
    • Capability inventory: The skill allows the agent to execute shell commands using gh api and curl to post feedback to the repository (SKILL.md, README.md).
    • Sanitization: The instructions explicitly recommend using JSON input files (/tmp/review.json) with the GitHub CLI and the @filename syntax with curl to prevent shell command injection that could occur if potentially malicious strings from the code review were directly interpolated into shell commands.
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) and curl to interact with GitHub's API for posting PR reviews.
    • The commands target the official GitHub API, which is a well-known service.
    • Security best practices are recommended, such as using the --input flag for the GitHub CLI to handle complex or untrusted comment bodies safely.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 01:58 PM