async-pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Automated Execution of Pull Request Code: The skill runs `npm ci` and executes test plans on code fetched from external Pull Requests. (1) It automates the environment setup and execution of the project's build and test scripts within a temporary git worktree. (2) This is a central feature for automated reviews, but it involves running third-party code from the PR on the local system, which is an area to review when handling PRs from outside contributors.
- Indirect Prompt Injection Surface: The skill ingests PR diffs, CI logs, and review summaries into LLM prompts to generate a final assessment. (1) It uses an AI agent to synthesize recommendations based on the content of the PR and the results of background tasks. (2) Maliciously crafted content within a PR (such as specific instructions in code comments) could potentially attempt to influence the AI's review or bias the final synthesis.
- System Notification Scripting: The review script uses terminal escape sequences and `osascript` for notifications. (1) These commands provide desktop alerts on macOS and update the terminal status. (2) These utilities allow the script to interact with the host system's UI and terminal environment to notify the user of task completion.
Audit Metadata