pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves executing shell commands like `git diff` and `gh pr diff <number>`. Using user-provided identifiers like pull request numbers directly in shell commands poses a risk of command injection if the underlying execution environment does not adequately sanitize arguments.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data (git diffs and PR content) that could contain malicious instructions designed to subvert the agent's review process.
  - Ingestion points: Data retrieved via `git diff` and `gh pr diff` as described in `SKILL.md` Phase 1.
  - Boundary markers: The instructions lack explicit delimiters or safety prompts to prevent the agent from following instructions embedded within the reviewed code diffs.
  - Capability inventory: The skill can execute CLI tools (`git`, `gh`) and access local files (e.g., `CLAUDE.md`).
  - Sanitization: There is no specified logic for sanitizing or filtering the content of the diffs before they are processed by the review methodologies.