pr-reply
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands (git, ls) and the GitHub CLI (gh) to gather technical context. These operations are scoped to project metadata and the official GitHub API.
- [SAFE]: The skill uses dynamic context injection (the !cmd syntax) to load the current branch name and recent commit history into the prompt. These commands are read-only and benign.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted data from external sources (pull request comments) via the GitHub API or user-pasted text.
  - Ingestion points: SKILL.md instructions for fetching pull request comment bodies, paths, and diff hunks.
  - Boundary markers: Absent; there are no explicit instructions to ignore potentially malicious content within the fetched comments.
  - Capability inventory: The agent's capabilities are limited to read-only operations (git, gh, ls). It lacks file-write or system modification permissions.
  - Sanitization: No sanitization is performed on fetched data. However, the impact is low because the skill's primary output is human-readable text intended for manual review and pasting by the user.