pr-review
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands including
git branch,git log,git diff,gh pr view, andgh pr diffto collect context about the code changes. These are standard operations for a code review utility.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external Pull Requests and local files which could contain adversarial instructions.\n - Ingestion points: Untrusted content is ingested from the GitHub API via
gh pr viewandgh pr diff, and from local repository files viagit diffand standard file reading tools.\n - Boundary markers: Absent. The gathered code diffs and PR comments are interpolated directly into the workflow-specialist's prompt without specific delimiters or warnings to treat the content as untrusted data.\n
- Capability inventory: The skill has access to the local file system, the GitHub CLI, and the ability to spawn and orchestrate other agents through the
Task()function.\n - Sanitization: No input validation or sanitization of the code content is performed before it is passed to the analysis agent.
Audit Metadata