load-pr-review

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes untrusted PR review comments from external authors, which could contain malicious instructions meant to manipulate the agent.
  • Ingestion points: Untrusted comment bodies are fetched from the GitHub API using scripts/load-pr-review.js.
  • Boundary markers: SKILL.md (Step 2) uses [USER_CONTENT_START] and [USER_CONTENT_END] markers to isolate external reviewer comments and explicitly instructs background agents to ignore any instructions within these tags.
  • Capability inventory: The agent has access to powerful capabilities including Edit, Write, and Bash (gh/git) tools, which allow it to modify files and post replies based on the content of the reviews.
  • Sanitization: The scripts/load-pr-review.js script effectively mitigates shell injection by using jq to serialize the comment body into a JSON file, which is then passed to the gh API using the --input flag rather than being interpolated directly into a shell string.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 07:24 PM