skills/paulund/ai/dev-review/Gen Agent Trust Hub

dev-review

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes gh CLI commands (pr list, pr view, pr diff) to interact with the repository's pull requests. These operations are essential for the skill's function and are limited to read-only access.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests and processes untrusted data from GitHub pull requests. An attacker could potentially include malicious instructions in a PR description or diff to manipulate the agent's analysis.
      • Ingestion points: Content is ingested from gh pr view and gh pr diff in SKILL.md.
      • Boundary markers: The instructions do not define clear boundaries or 'ignore' directives for the content retrieved from external sources.
      • Capability inventory: The skill is configured to use standard GitHub CLI tools for reading data.
      • Sanitization: There is no evidence of filtering or sanitizing the content fetched from the pull requests before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 04:15 PM