Skills
skills/mathews-tom/armory/pr-review/Gen Agent Trust Hub

pr-review

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from external sources.
  • Ingestion points: Untrusted data enters the agent context through git diff, gh pr diff, and CLAUDE.md files during Phase 1 (Scope) and Phase 2 (Route).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' warnings for the content extracted from diffs or configuration files.
  • Capability inventory: The skill utilizes git and gh CLI tools for data retrieval. It does not contain instructions for dangerous operations such as file writing, remote code execution (eval/exec), or unsolicited network requests.
  • Sanitization: There is no evidence of input validation or content sanitization performed on the ingested data before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 11:55 PM