dev-review-pr
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes git and GitHub CLI (gh) commands to retrieve pull request metadata, diffs, and file contents during the review process (found in SKILL.md, Phase 1).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted content from PRs and git diffs. Ingestion points: Pull request titles, bodies, and code diffs retrieved via gh and git (SKILL.md, Phase 1 and 3). Boundary markers: Absent. No instructions are provided to treat the analyzed content as data only or to ignore embedded instructions. Capability inventory: Execution of system commands (gh, git) and reading of local files. Sanitization: Absent. There is no evidence of validation or sanitization of data retrieved from external repositories.
Audit Metadata