Skills
skills/sisodiabhumca/agent-skills/pr-review-summarizer/Gen Agent Trust Hub

pr-review-summarizer

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The review.py script executes the gh and glab command-line tools to fetch pull request data. The implementation uses Python's subprocess.check_output with argument lists, which correctly mitigates the risk of shell injection vulnerabilities when handling user-provided repository names and PR numbers.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it processes untrusted input from external code diffs.
  • Ingestion points: Diff content is read from local files, standard input, or fetched from external Git hosting services.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between the skill's operational instructions and the potentially adversarial text within the code diffs.
  • Capability inventory: The skill has the ability to execute shell commands and write to the local file system via the review.py script.
  • Sanitization: While the script parses the structural metadata of a diff (e.g., added/removed lines), the text content is passed to the AI agent without sanitization, allowing embedded instructions to potentially influence the agent's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 04:12 PM
Security Audit — agent-trust-hub — pr-review-summarizer