gh-pr-review
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'gh-pr-review' extension from an unverified GitHub user account ('EurFelux'). This introduces the risk of executing unvetted code from a third-party source not listed as a trusted vendor.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands via the 'gh' CLI to perform API calls, manage extensions, and handle the PR review lifecycle.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from GitHub pull requests (diffs, titles, and bodies). • Ingestion points: PR metadata and diff content gathered using 'gh pr view' and 'gh pr diff' in 'SKILL.md' (Step 2). • Boundary markers: No delimiters or instructions are used to distinguish untrusted PR data from agent instructions. • Capability inventory: Subprocess execution of 'gh' commands and interaction with the 'gh-pr-review' extension API. • Sanitization: No evidence of validation or sanitization of ingested PR content before processing.
Audit Metadata