arinhub-submit-pr-review
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from GitHub (PR bodies, comments, and external log files) which could contain malicious instructions. However, this is inherent to the task of code review, and the risk is mitigated by the structured nature of the GitHub CLI operations.
- Ingestion points: Fetches PR metadata, existing comments, and reviews via
gh api. It also reads from a user-provided log file path. - Boundary markers: No specific boundary markers or 'ignore' instructions are provided when processing external content.
- Capability inventory: The skill can execute GitHub CLI commands (
gh api,gh pr comment) to write data back to the repository. - Sanitization: The skill attempts to sanitize the PR identifier by extracting only the number, and uses heredocs (
<<'EOF') in shell commands to prevent interpolation of the content being posted. - Command Execution (SAFE): The skill uses the GitHub CLI to interact with the repository. Commands are constructed using shell variables (e.g.,
$PR_NUMBER), but the logic is focused on standard PR management actions and includes parsing steps to isolate numerical identifiers.
Audit Metadata