make-pr-easy-to-review
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including
gitandgh(GitHub CLI) to fetch remote data, inspect commit history, and rewrite git branches. These operations are core to the skill's purpose but involve high-privilege interactions with the repository. - [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection. It processes untrusted external content such as pull request titles, descriptions, and commit messages (ingestion point:
SKILL.md). This data could be crafted to influence the agent's behavior during its analysis or history rewriting phases. While the skill includes a verification step (comparingORIGINAL_TREEhashes) and a 'propose a plan' requirement, it lacks explicit boundary markers or sanitization logic to isolate untrusted content from its instructions. - [DATA_EXFILTRATION]: The skill accesses repository information and PR metadata using
gh pr view. While no external network exfiltration to third-party domains was detected, the access to internal commit data and PR details is a prerequisite for exfiltration if combined with other vulnerabilities.
Audit Metadata