pr-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to obtain code diffs and run project-specific linting tools.
  - Evidence: The workflow involves running `git diff <base-branch>...<compare-branch>`, `bundle exec rubocop`, and `bin/packwerk check`.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted code changes.
  - Ingestion points: The skill reads the output of `git diff`, which includes code from the `compare-branch`.
  - Boundary markers: There are no explicit markers or instructions to treat the ingested diff content as non-executable data.
  - Capability inventory: The agent has the ability to read local rule files and execute shell commands.
  - Sanitization: No sanitization is performed on the branch names or the resulting diff content before it is passed to the model.
Audit Metadata