skills/paulund/ai/pr-review/Gen Agent Trust Hub

pr-review

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted data from external sources (pull request diffs and issue bodies) while maintaining the capability to modify the repository.
      • Ingestion points: SKILL.md fetches untrusted external content via gh pr diff and gh issue view in Step 1.
      • Boundary markers: The instructions lack explicit delimiters or guidance to ignore embedded instructions within the PR diff or issue content.
      • Capability inventory: The skill is authorized to modify files (Step 4), perform git commit, git push, and create GitHub comments/issues using the gh CLI.
      • Sanitization: No sanitization or escaping mechanisms are specified for the external data before it is processed or used to generate fixes.
  • [COMMAND_EXECUTION]: The skill performs shell command execution using standard development tools (Git and GitHub CLI) and interpolates variable data into these commands.
      • Evidence: Multiple steps in SKILL.md use shell commands (gh pr view, gh pr diff, gh issue view, git commit, git push, gh issue create, gh pr comment) that incorporate dynamic PR and issue metadata.
      • Capability: The agent is instructed to write to the repository and modify the project state based on its analysis of external content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 05:44 PM