setup-pr-review

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill assists in configuring a GitHub Actions workflow using official OpenHands infrastructure (docs.all-hands.dev and the OpenHands/extensions repository).
  • [CREDENTIALS_UNSAFE]: The skill provides guidance on setting up an LLM_API_KEY. It correctly directs the user to store the key in GitHub Secrets and explicitly instructs the agent not to ask for or touch the secret value.
  • [EXTERNAL_DOWNLOADS]: The instructions require fetching a template from the official documentation site (https://docs.all-hands.dev). This is a safe operation as it targets a well-known service associated with the skill author.
  • [PROMPT_INJECTION]: The skill creates an automated pipeline that processes untrusted data from pull requests. This presents an indirect prompt injection surface.
      (1) Ingestion points: Pull request diffs, descriptions, and comments processed by the created .github/workflows/pr-review.yml (SKILL.md).
      (2) Boundary markers: None specified in the workflow configuration instructions.
      (3) Capability inventory: Posting inline comments on GitHub pull requests.
      (4) Sanitization: Not specified in the skill configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 24, 2026, 04:51 PM