skills/vnord/skills/pr-walkthrough/Gen Agent Trust Hub

pr-walkthrough

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from pull requests and branch diffs, which creates a potential surface for indirect prompt injection where malicious code comments or documentation could attempt to influence agent behavior.
      • Ingestion points: Pull request URLs, branch diffs, commit history, and the surrounding codebase (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are mentioned.
      • Capability inventory: The skill can read files, access git history, and suggest the execution of shell commands (SKILL.md).
      • Sanitization: No explicit content sanitization or validation of the analyzed diffs is described.
  • [COMMAND_EXECUTION]: The skill instructs the agent to suggest shell commands like pnpm test, typecheck, or build to aid in the walkthrough process. While these are potentially dangerous, the skill explicitly mandates that the agent must ask for user confirmation before running any mutating or significant command (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 01:52 PM
Security Audit — agent-trust-hub — pr-walkthrough