skills/greptileai/skills/check-pr/Gen Agent Trust Hub

check-pr

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is susceptible to malicious instructions embedded in the pull request content it analyzes.
      • Ingestion points: SKILL.md uses gh pr view to fetch the PR title and body, and gh api to fetch comments and reviews. These fields contain arbitrary text provided by PR authors or commenters.
      • Boundary markers: None. There are no instructions or delimiters used to isolate untrusted PR content from the agent's core instructions, increasing the risk that the agent will follow instructions found within a comment.
      • Capability inventory: The skill has significant write capabilities, including git push (to modify the codebase) and gh api graphql mutations (to resolve threads and change repository state).
      • Sanitization: None. The skill lacks any mechanism to sanitize or validate the content of comments before using them to categorize "Actionable" tasks.
  • [Command Execution] (LOW): The skill makes extensive use of system commands via gh and git.
      • Evidence: Uses gh pr view, gh api, git commit, and git push throughout SKILL.md.
      • Risk: While these are the intended tools, the lack of input sanitization for the PR number or branch names (if they were user-provided) could lead to command injection, though the current implementation primarily uses values returned from other gh commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:59 AM