gh-review-requests
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts via
uv runand interacts with the GitHub API using theghcommand-line interface. These operations are within the scope of the skill's intended functionality to retrieve notification and pull request data. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes untrusted data (pull request titles, author names, and repository names) from the GitHub API.
- Ingestion points: Data enters the agent context via the
fetch_review_requests.pyscript and directgh apicalls to the notifications and pulls endpoints. - Boundary markers: The instructions do not specify any delimiters or warnings to the agent to ignore instructions embedded within the retrieved GitHub data.
- Capability inventory: The skill utilizes
uv runfor script execution and theghCLI for network-authenticated API requests. - Sanitization: While the skill suggests converting team names to lowercase-hyphenated slugs (input validation), there is no evidence of sanitization for the content retrieved from GitHub PR titles before they are presented in the final output table.
Audit Metadata