swe-pr-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external Git repositories.
- Ingestion points: The skill fetches pull request titles, descriptions, file diffs, and existing comments from GitHub or GitLab using MCP tools.
- Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore embedded instructions within the ingested PR data.
- Capability inventory: The agent has the capability to post comments, submit review statuses, and potentially trigger code changes through associated implementation skills.
- Sanitization: No sanitization or validation logic is defined to check for malicious content in the fetched strings before they are presented to the language model.
Audit Metadata