review-pr
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official GitHub CLI (
gh) for its operations. References to well-known services such as GitHub and its official CLI are considered safe practices. - [COMMAND_EXECUTION]: The skill executes standard GitHub CLI commands (
gh pr view,gh pr diff,gh pr review) to perform its stated function. These operations are transparent, part of a guided multi-phase process, and directly support the primary purpose of the skill. - [PROMPT_INJECTION]: There is a surface for indirect prompt injection as the skill ingests untrusted data from pull request titles, descriptions, and code diffs.
- Ingestion points: Data enters the context via
gh pr view,gh pr diff, andgh issue viewcommands as described in Phase 1 ofSKILL.md. - Boundary markers: Absent; the instructions do not explicitly provide delimiters or warnings to ignore instructions embedded within the PR content.
- Capability inventory: The skill has the ability to write data back to GitHub using the
gh pr reviewcommand in Phase 5. - Sanitization: Risk is mitigated by a mandatory human-in-the-loop checkpoint in Phase 4, where the user must review and approve the draft before submission.
Audit Metadata