pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it retrieves content from external, potentially untrusted sources.\n
- Ingestion points:
scripts/check-pr-feedback.sh,scripts/check-new-feedback.sh, andscripts/wait-for-reviews.shfetch raw comment and review text from the GitHub API.\n - Boundary markers: The scripts provide output structure using text headers (e.g., '📝 NEW CONVERSATION COMMENTS') and triple-dash ('---') separators between entries.\n
- Capability inventory: The skill allows the agent to commit code, push to remote repositories, and execute project-specific test and build commands.\n
- Sanitization: No programmatic sanitization is applied to the fetched text; the skill relies on instructional guidance warning the agent to verify all feedback before acting on it.
Audit Metadata