reviewing-prs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the 'gh-agent' utility via 'brew install ataraxy-labs/tap/gh-agent'. The repository 'ataraxy-labs' is not on the trusted organizations list, meaning the tool and its dependencies are unverified.
- COMMAND_EXECUTION (LOW): The skill heavily utilizes shell command execution for PR management (e.g., 'gh-agent pr view', 'gh-agent pr diff'). While these are functional requirements, they execute a third-party binary with arguments derived from external inputs.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted Pull Request content which could contain malicious instructions designed to influence the agent's review or actions.
  - Ingestion points: Untrusted data enters via 'gh-agent pr diff', 'gh-agent pr file', and search commands that read code from PR branches.
  - Boundary markers: The instructions lack delimiters or warnings to treat PR content as untrusted, increasing the risk of the agent obeying instructions embedded in code comments or diffs.
  - Capability inventory: The skill includes 'gh-agent pr review' and 'gh-agent pr suggest', allowing the agent to write comments and code suggestions back to GitHub based on its analysis of untrusted data.
  - Sanitization: No sanitization or validation of the PR content is performed before it is presented to the agent for triage and review.