Skills
skills/bmad-code-org/bmad-method/bmad-os-review-pr/Gen Agent Trust Hub

bmad-os-review-pr

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git and gh (GitHub CLI) to interact with repositories. Evidence includes commands like gh repo view, git status, gh pr checkout, gh pr view, gh pr diff, and gh pr comment.
  • [PROMPT_INJECTION]: There is a surface for indirect prompt injection as the skill passes untrusted pull request diffs to LLM subagents. 1. Ingestion points: Content from gh pr diff. 2. Boundary markers: Absent; subagents are not explicitly told to ignore instructions within the diff. 3. Capability inventory: Ability to checkout remote code, read repo state, and post comments to PRs. 4. Sanitization: None; the diff content is used directly in prompts.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves code from external GitHub repositories using gh pr checkout.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 09:06 AM