review-pr
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for local processing of pull request data. It consumes 'pr_diff.txt' and 'pr_description.txt' to generate a 'review.json' file.
- [COMMAND_EXECUTION]: The skill uses `jq` solely for the purpose of validating the generated JSON output, which is a standard development practice.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (PR diffs and descriptions). While this is an ingestion surface, the risk is mitigated because the skill's instructions specifically restrict it from executing commands that post to GitHub (e.g., `gh pr review`) and limit its output to a local JSON file.
Audit Metadata