
review-pr

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted external data.
  • Ingestion points: Data is ingested from GitHub pull requests, including titles, descriptions, and code diffs via gh pr view and gh pr diff commands defined in SKILL.md.
  • Boundary markers: The instructions lack explicit delimiters or warnings to ignore potential instructions embedded within the PR content.
  • Capability inventory: The skill utilizes the gh (GitHub) CLI to fetch data and reads local filesystem content. While it includes negative constraints (e.g., 'Do not run git push'), these could be targeted by an injection attack.
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from GitHub before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill invokes the gh (GitHub CLI) utility to perform read-only operations such as viewing PR details and diffs. These commands are statically defined in the workflow section of SKILL.md.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 07:13 AM
Security Audit — agent-trust-hub — review-pr