pr-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill's primary function is to ingest and process untrusted external data (pull request content), which exposes it to adversarial instructions designed to bypass agent constraints.
- Ingestion points: The skill ingests pull request code, branch data, and ticket descriptions provided by the user (SKILL.md).
- Boundary markers: Absent. There are no instructions or delimiters defined to separate the skill's core instructions from the untrusted data being analyzed.
- Capability inventory: The skill is strictly instructional and focused on analysis; it does not invoke dangerous capabilities such as file-system writes, network requests, or command execution.
- Sanitization: Absent. The skill does not implement any sanitization, filtering, or validation of the ingested PR content to detect or neutralize potential injection attacks.
Audit Metadata