quick-pr-review
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill recommends using standard command-line tools such as git diff, npm test, npm audit, and grep. These are used for their intended purposes: reviewing changes, running tests, checking for vulnerabilities, and finding code patterns. All commands are standard for a development environment.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it involves the agent analyzing user-controlled source code. 1. Ingestion points: The agent reads staged changes via git diff or through MCP file-reading tools. 2. Boundary markers: No specific delimiters or instructions are provided to the agent to treat code content as untrusted data. 3. Capability inventory: The skill suggests using tools for security scanning, documentation generation, and performance analysis on the ingested code. 4. Sanitization: There are no explicit steps provided to sanitize or escape the code content before analysis.
Audit Metadata