datahub-connector-pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash to run standard development tools (
git,gh) and local scripts. Thegather-connector-context.shscript employs robust input validation to sanitize connector names, effectively mitigating risks of path traversal or command injection through user-supplied identifiers. - [EXTERNAL_DOWNLOADS]: The documentation references the installation of an official plugin (
pr-review-toolkit@claude-plugins-official) to provide advanced multi-agent review capabilities. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data from pull requests (descriptions, comments, and diffs) and DataHub 'golden files'. However, this is a known risk for review tools, and the skill implements structured workflows and utilizes specific sub-agents to process the data.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected. The skill's operations are consistent with its stated purpose of code quality and standards enforcement.
Audit Metadata