skills/paulund/ai/pr-security-review/Gen Agent Trust Hub

pr-security-review

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it ingests untrusted data from pull request diffs and metadata.
      • Ingestion points: PR diffs and metadata are retrieved via gh pr view and gh pr diff, as described in SKILL.md.
      • Boundary markers: Absent; the instructions do not specify delimiters around the diff content or a warning to ignore instructions embedded in it.
      • Capability inventory: The skill can write to the repository (git commit, git push), create issues (gh issue create), and post comments (gh pr comment).
      • Sanitization: There is no explicit requirement for the agent to sanitize or validate PR content before it is processed or used in shell commands and PR comments.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:44 PM