gh-review-requests

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local scripts via uv run and interacts with the GitHub API using the gh command-line interface. These operations are within the scope of the skill's intended functionality to retrieve notification and pull request data.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes untrusted data (pull request titles, author names, and repository names) from the GitHub API.
  • Ingestion points: Data enters the agent context via the fetch_review_requests.py script and direct gh api calls to the notifications and pulls endpoints.
  • Boundary markers: The instructions do not specify any delimiters or warnings to the agent to ignore instructions embedded within the retrieved GitHub data.
  • Capability inventory: The skill utilizes uv run for script execution and the gh CLI for network-authenticated API requests.
  • Sanitization: While the skill suggests converting team names to lowercase-hyphenated slugs (input validation), there is no evidence of sanitization for the content retrieved from GitHub PR titles before they are presented in the final output table.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 05:00 PM
Security Audit — agent-trust-hub — gh-review-requests