Skills
skills/getsentry/sentry-for-ai/sentry-pr-code-review/Gen Agent Trust Hub

sentry-pr-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is designed to parse and extract instructions from an external, potentially attacker-influenced source: GitHub PR comments.
  • Ingestion points: In Phase 1, the skill uses the GitHub CLI (gh api) to fetch all comments from a specified pull request.
  • Boundary markers: The skill does not implement delimiters or 'ignore embedded instructions' warnings when processing the extracted content.
  • Capability inventory: According to Phase 3, the agent is expected to read files, assess code, and implement fixes (write files) based on the suggestions.
  • Sanitization: The instructions do not specify any sanitization, escaping, or validation of the content extracted from the Prompt for AI Agent markdown block.
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) and the jq utility to interact with the GitHub API and process JSON data. These commands are used to list pull requests and fetch comment details, which is consistent with the skill's primary purpose of reviewing PRs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 12:48 AM