sentry-pr-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it is specifically designed to ingest and act upon untrusted data from GitHub PR comments.
  - Ingestion points: GitHub PR comments are fetched using the `gh api` command in SKILL.md (Phase 1).
  - Boundary markers: The skill uses specific markdown tags (e.g., `<summary>`) to parse segments like "AI Prompt" and "Suggested Fix" but does not implement boundary markers or instructions to ignore embedded commands within those segments.
  - Capability inventory: The skill has capabilities to read repository files and "Implement fix" (file-write operations) based on parsed suggestions (SKILL.md Phase 3).
  - Sanitization: No sanitization or validation logic is present for the content extracted from the comments before it is used to influence agent behavior or modify code.
- [COMMAND_EXECUTION]: The skill utilizes the `gh` (GitHub CLI) and `jq` binaries to perform repository operations, including fetching comments and listing pull requests. These are standard operations for the skill's stated purpose.
Audit Metadata