Skills
skills/freekmurze/dotfiles/review-pr/Gen Agent Trust Hub

review-pr

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external, untrusted data from GitHub pull request descriptions and code diffs.
  • Ingestion points: Data retrieved via gh pr view and gh pr diff from potentially external contributors in Spatie repositories.
  • Boundary markers: None present in the workflow to separate fetched PR content from the agent's internal instructions.
  • Capability inventory: High-impact commands including gh pr merge and gh release create which are executed based on the agent's analysis of the PR content.
  • Sanitization: No sanitization or validation of the PR content is performed before processing.
  • [COMMAND_EXECUTION]: The skill relies on the GitHub CLI (gh) to perform repository actions.
  • It executes shell commands to view PR details, merge branches, and create tags/releases, which are powerful actions that should be monitored when driven by automated analysis of untrusted inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 05:11 PM