arinhub-review-pr
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it processes untrusted external data from GitHub pull requests.
  - Ingestion points: The skill ingests PR code, descriptions, and linked issue content via its subagents (code-reviewer, octocode-research, etc.).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are defined when passing PR data to subagents.
  - Capability inventory: The skill can write to the local filesystem (~/.agents/logs/) and triggers subagents capable of submitting comments/reviews to GitHub.
  - Sanitization: There is no explicit sanitization or filtering of the PR content before it is processed by the LLM-based subagents.
- Data Exposure & Exfiltration (SAFE): The skill writes to ~/.agents/logs/. While this involves local file access, it is restricted to a specific log directory and does not target sensitive system files or credentials.
- External Downloads (SAFE): No external scripts or packages are downloaded at runtime. It relies on other skills assumed to be present in the agent's environment.