pr-review
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches and displays raw comment content from external GitHub users and bots, which could contain malicious instructions aimed at influencing the AI agent's actions during the PR review process.
- Ingestion points:
scripts/check-pr-feedback.sh(GitHub API calls for conversation comments, inline comments, and review bodies). - Boundary markers: Present as visual separators (e.g.,
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━and section headers) but no explicit instructions are provided to the agent to disregard instructions embedded in the fetched text. - Capability inventory: The
SKILL.mdworkflow includesgit commit,git push, and the execution of project-specific test commands (e.g.,npm test,pytest). - Sanitization: None; fetched text is piped directly to the agent's context via standard output.
- [External Downloads] (SAFE): The skill requires the GitHub CLI (
gh), a trusted tool from a reputable source (GitHub/Microsoft). No unknown third-party binaries or scripts are downloaded or executed by the skill itself.
Audit Metadata