pr-reviews

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute gh CLI commands, including gh pr list, gh pr view, and gh pr diff. These commands are used to interact with the repository and fetch pull request data for analysis.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests and processes untrusted external data from GitHub Pull Requests. A malicious PR could contain instructions designed to influence the agent's review or bypass its constraints.
    • Ingestion points: PR metadata and code diffs enter the context via gh pr view and gh pr diff commands specified in SKILL.md.
    • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the PR content.
    • Capability inventory: The skill relies on shell command execution via the gh CLI to read data.
    • Sanitization: No sanitization or validation of the PR content is performed before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 05:14 PM