mz-pr-review

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git, jj, and the GitHub CLI (gh) to retrieve diffs and file lists. These are standard tools for its intended purpose of code review.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external, potentially untrusted data from Pull Request diffs without explicit boundary markers or sanitization.
      • Ingestion points: Pull Request diffs (via gh pr diff), git diff output, and project source files (e.g., doc/developer/guide-changes.md).
      • Boundary markers: No delimiters or instructions are used to distinguish between the diff content and the agent's instructions.
      • Capability inventory: The agent has access to Bash, Read, Grep, Glob, and Task tools as defined in the skill's allowed-tools configuration.
      • Sanitization: No sanitization or validation of the ingested diff content is performed before analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:17 PM