gh-review-requests

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the subprocess.run method within its Python script to execute the GitHub CLI (gh). This is used for legitimate operations such as fetching organization members, notifications, and pull request details.
  • [EXTERNAL_DOWNLOADS]: The script interacts with GitHub's API endpoints (e.g., api.github.com). Since GitHub is a well-known service and the data requested is necessary for the skill's purpose, this is considered a safe external reference.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it fetches and displays user-generated content from GitHub.
    • Ingestion points: The script scripts/fetch_review_requests.py ingests pull request titles and author names from the GitHub API.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore any commands that might be embedded in the PR titles.
    • Capability inventory: The skill possesses the ability to execute shell commands via the gh CLI and run Python scripts using uv.
    • Sanitization: The skill does not sanitize or escape the retrieved PR titles before displaying them in a Markdown table, which could allow malicious content to influence the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 03:40 AM