skills/dynatrace-oss/dtctl/pr-review/Gen Agent Trust Hub

pr-review

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the repository and build tools. It executes git, gh (GitHub CLI), make, go, and dtctl (a tool from the same author) to fetch changes, run linters, and execute tests.
  • [DATA_EXFILTRATION]: The skill reads code diffs and PR metadata using git diff and gh pr view. This access is necessary for the PR review functionality and the data is processed within the agent context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from pull request descriptions and code changes without explicit boundary markers or sanitization.
      • Ingestion points: PR titles, bodies, and file diffs fetched via gh and git commands.
      • Boundary markers: None identified in the prompt instructions to isolate untrusted code content.
      • Capability inventory: Execution of subprocesses via make, go test, and CLI tool invocation.
      • Sanitization: No explicit sanitization or validation of the ingested data is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 06:08 PM