awesome-web-agents-pr-review
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
gh(GitHub CLI) andgitcommands to view, diff, and fetch pull request data. These operations are limited to the specific repositorysteel-dev/awesome-web-agentsand are consistent with the skill's stated purpose. - [COMMAND_EXECUTION]: The workflow involves executing a local Python script
scripts/validate_contribution.pyto perform structural checks. This script belongs to the repository provided by the vendor. - [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub pull request titles, descriptions, and code patches, which presents an attack surface for indirect prompt injection.
- Ingestion points: Pull request metadata and diff content via
gh pr viewandgh pr diffinSKILL.md. - Boundary markers: None explicitly defined to isolate untrusted PR content from the agent's instructions.
- Capability inventory: The skill has access to the local filesystem, network (via
ghandgit), and the ability to execute Python scripts. - Sanitization: No content sanitization or validation of the PR text is specified before the agent processes it.
Audit Metadata