pr-review-expert

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from external code repositories during PR reviews.
    • Ingestion points: The skill gathers PR metadata and full diffs using 'gh pr view' and 'gh pr diff' as documented in Step 1 of SKILL.md.
    • Boundary markers: While the skill uses a structured markdown report format for its output, it lacks specific delimiters or instructions that command the agent to ignore potentially malicious instructions embedded in the ingested code or comments.
    • Capability inventory: The skill is capable of executing local shell commands (grep, sed, gh) and internal Python analysis scripts (blast_radius_calculator.py, diff_analyzer.py, review_checklist_generator.py) to process data.
    • Sanitization: No sanitization, escaping, or validation of the external PR content is performed before it is analyzed.
  • [COMMAND_EXECUTION]: The skill uses local shell commands and Python scripts to automate the review process. These include using 'gh' for repository interaction and 'grep'/'sed' for diff analysis. These operations are standard for the skill's intended purpose and are restricted to the local environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 01:08 AM