pr-review-fix

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill checks out and executes code from untrusted pull request branches. During the fix workflow, it runs 'npm ci', 'npm run build', and 'npm run test' on the untrusted branch. Malicious pull requests can contain arbitrary code in package lifecycle scripts, build configurations, or test suites that executes when these commands are triggered.
  • [COMMAND_EXECUTION]: Uses shell commands ('git', 'gh', 'npm') to manage the repository, compile code, execute tests, and push changes to the remote origin. This provides a direct path for executing operations defined in untrusted branches.
  • [EXTERNAL_DOWNLOADS]: Fetches pull request branches from GitHub and downloads Node.js dependencies from the npm registry via 'npm ci'.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection from pull request bodies and review comments. Ingestion points: PR metadata and comments fetched via 'gh' commands in 'references/discovery.md'. Boundary markers: None identified. Capability inventory: Shell access, file system modification, and repository write access. Sanitization: No sanitization of the untrusted text is performed before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 18, 2026, 04:58 PM
Security Audit — agent-trust-hub — pr-review-fix