pr-scorer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands to identify branches and retrieve the code diff for analysis. Specifically, it uses
git branch,git remote show origin,git log, andgit diff. These are standard, read-only operations necessary for its primary function. - [PROMPT_INJECTION]: The skill processes untrusted input in the form of git diffs. Because it analyzes code and comments written by others, there is a potential for indirect prompt injection if the diff contains instructions intended to bypass the AI's scoring logic (e.g., instructions within comments to ignore certain criteria). However, the output is restricted to a structured local report, minimizing the impact of such events.
Audit Metadata