Skills
skills/afollestad/personal-ai-skills/review-github-pr/Gen Agent Trust Hub

review-github-pr

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the gh CLI to interact with GitHub repositories. It constructs commands using variables (like repository owner, name, and file paths) extracted from the PR metadata. This is standard functionality for GitHub integration and is handled appropriately.
  • [PROMPT_INJECTION]: As the skill reads and analyzes untrusted code from pull requests, it is theoretically susceptible to indirect prompt injection (where malicious instructions are hidden in the code being reviewed). This risk is mitigated by the skill's specific task instructions and the requirement for the user to review and manually approve the generated comments before they are posted to GitHub.
  • [DATA_EXFILTRATION]: The skill requires internet access to communicate with GitHub's API via the gh tool. No evidence was found of data being sent to unauthorized third-party services or non-whitelisted domains.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 06:21 PM