github-pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes untrusted data from GitHub PR comments and reviews. A malicious actor could provide comments containing instructions designed to manipulate the agent's code analysis or fix generation process.
      • Ingestion points: The skill uses gh api in SKILL.md to fetch comment and review bodies from GitHub.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the fetched comment text as data rather than instructions.
      • Capability inventory: The skill can read repository files, propose and apply code changes, perform git commits, and execute the project's test suite.
      • Sanitization: No sanitization or filtering is performed on the comment content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill performs several shell-based operations including the use of the GitHub CLI (gh) for API interactions and metadata retrieval, and Git for repository management. It also executes the local project test suite, which involves running commands defined within the target repository's environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 08:32 AM