octocode-pull-request-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell-based git commands (status, diff, log, and branch) to retrieve metadata and code differences for local reviews. These commands are limited to state observation and are essential for the tool's core functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted input from code repositories, including pull request descriptions, comments, and file content. This creates an attack surface for indirect prompt injection where an attacker could embed instructions in the code or PR comments to manipulate the agent's behavior.
      • Ingestion points: PR metadata and comments via githubSearchPullRequests, and file content via githubGetFileContent or localGetFileContent.
      • Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands in the processed data.
      • Capability inventory: The skill has permissions to read files, perform LSP-based code analysis, and write review reports to the filesystem after user approval.
      • Sanitization: There is no evidence of input validation or sanitization for the data retrieved from external sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 10:43 PM