pr-review-expert
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to its processing of untrusted external data.\n
- Ingestion points: Reads pull request metadata and code diffs directly from external sources using
gh pr viewandgh pr diff.\n - Boundary markers: The instructions do not define delimiters or protective instructions to isolate untrusted PR text from the agent's logic.\n
- Capability inventory: The skill has the capability to execute shell commands (e.g.,
npm test,pytest,gh) and perform network requests viacurl.\n - Sanitization: There is no evidence of sanitization or validation of the PR content before it is processed for review.\n- [COMMAND_EXECUTION]: Uses established command-line utilities including
gh,glab,grep,jq, andwcto interact with repositories and analyze code. These operations are standard and necessary for a pull request review tool.\n- [DATA_EXFILTRATION]: Performs network requests to official Jira and Linear API endpoints to verify issue status. These communications use environment variables for authentication and target well-known, trusted services.
Audit Metadata