github-pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI (gh) and Git (git) to fetch pull request data, apply code changes, and commit fixes. These actions are aligned with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from GitHub PR comments and reviews and is explicitly told to follow AI prompts found within them.
      • Ingestion points: PR comments and review bodies are fetched from the GitHub API in SKILL.md and references/coderabbit_parsing.md.
      • Boundary markers: The instructions lack delimiters or warnings to ignore malicious instructions embedded in the external content.
      • Capability inventory: The agent has permission to modify local files, create git commits, and post comments to the PR using gh api and gh pr comment as seen in SKILL.md.
      • Sanitization: No sanitization or content validation is performed on the data fetched from GitHub.
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection in SKILL.md to run gh pr view upon loading. This is used solely for metadata display and does not represent a sensitive operation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 10:07 PM