pr-review
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh) to interact with pull request data and executes a local Node.js script (extract-pr-comments.js) to parse and organize feedback into actionable tasks. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from external sources (PR comments) and presenting it to the agent as direct instructions. Ingestion points: GitHub PR review and issue comments are fetched via
ghand processed into a TODO list. Boundary markers: No specific delimiters or "ignore previous instructions" warnings are applied to the extracted comment content. Capability inventory: The agent has permissions to modify files, execute build/test commands, and perform Git operations. Sanitization: Theextract-pr-comments.jsscript performs classification based on keywords but does not sanitize or escape the content of the comment bodies before they are presented to the agent.
Audit Metadata