review-pr
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell-based git commands (
git fetch,git log,git diff) to retrieve the latest state and changes of a Pull Request from a remote repository. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to ingest and analyze untrusted data from Pull Requests (code changes, comments, and file contents).
- Ingestion points: Code diffs and file content retrieved via git commands in
SKILL.md. - Boundary markers: The instructions do not define clear delimiters or specific instructions to the agent to ignore potential malicious prompts embedded within the PR content.
- Capability inventory: Includes shell command execution via git, the ability to launch subagents, and the invocation of external skills for duplication and complexity analysis.
- Sanitization: No specific sanitization, filtering, or validation of the PR content is described.
Audit Metadata