Skills
skills/k1low/gh-pr-reviews/triage-pr-reviews/Gen Agent Trust Hub

triage-pr-reviews

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the gh-pr-reviews extension by user k1LoW. This author and repository are not on the predefined trusted list. While necessary for the skill's primary function, users should verify the extension before installation.
  • [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection (Category 8). The skill processes untrusted data from GitHub PR comments.
  • Ingestion points: The body field returned by the gh pr-reviews command (Step 1).
  • Boundary markers: Absent. There are no delimiters or instructions to treat the comment text as data only.
  • Capability inventory: The agent has access to gh CLI commands and local file reading (Step 4).
  • Sanitization: None. The skill directly evaluates the comment body against code context.
  • Risk: A malicious PR comment could contain hidden instructions (e.g., in a code block or HTML comment) designed to trick the agent into misclassifying the review or performing unauthorized file reads.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 09:31 AM