github-pr-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub pull requests, creating a surface for indirect prompt injection. Malicious instructions within a PR diff or description could attempt to influence agent behavior.
      • Ingestion points: Pull request descriptions and code diffs accessed via gh pr view and gh pr diff in SKILL.md.
      • Boundary markers: Instructions do not include markers or warnings to separate PR content from agent instructions.
      • Capability inventory: The skill executes gh pr checkout, gh pr view, and gh pr diff.
      • Sanitization: PR content is processed without filtering or sanitization.
  • [COMMAND_EXECUTION]: The skill relies on executing the GitHub CLI (gh) to interact with repositories. While this is the intended functionality, it involves local environment modification via gh pr checkout.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 02:54 PM