pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a structured PR review process using co-located instruction files (_review-core.md, agents/devils-advocate.md, agents/jira-completeness.md).
- [SAFE]: It utilizes standard system tools like git and gh (GitHub CLI) to fetch diffs and metadata. Environment detection logic appropriately distinguishes between restricted CI environments and local environments with network access.
- [SAFE]: The JIRA integration uses the official mcp__atlassian tools to fetch issue details from a specified Cloud ID, which is a standard pattern for MCP-based Jira interactions.
- [SAFE]: The skill implements a 'Devil's Advocate' mode and 'Full' mode that spawns sub-agents for specialized analysis. These sub-agents are constrained by the same safety and methodology guidelines as the primary agent.
- [SAFE]: No evidence of prompt injection, data exfiltration, or unauthorized command execution was found. The instructions emphasize flagging only actionable issues introduced by the PR and explicitly exclude non-relevant concerns like style issues or unmodified code.
Audit Metadata