review-pr
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from Pull Requests and configuration files, creating a surface for indirect prompt injection attacks.
- Ingestion points: SKILL.md specifies gathering context from PR intent, changed files, and relevant CLAUDE.md files.
- Boundary markers: The instructions lack explicit delimiters or directives to ignore instructions contained within the content being reviewed.
- Capability inventory: The skill has the capability to write back to the repository using the github_inline_comment:create_inline_comment tool.
- Sanitization: There is no evidence of sanitization or validation of the input data to prevent embedded instructions from being followed.
Audit Metadata