process-pr-reviews
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes GitHub CLI commands (
gh apiandgh api graphql) to interact with pull request data. These commands are used to fetch comments, reviews, and resolve discussion threads. The operations are consistent with the skill's stated purpose of triaging PR feedback. - [PROMPT_INJECTION]: The skill processes untrusted data from GitHub PR comments, which constitutes a surface for indirect prompt injection. Malicious actors could place instructions within PR comments intended to redirect the agent's behavior.
- Ingestion points: PR inline comments and review summaries fetched via the GitHub API (SKILL.md).
- Boundary markers: No explicit delimiter boundaries are used for the comment text.
- Capability inventory: The skill has the capability to read repository information and write (resolve) review threads via the GitHub API.
- Sanitization: The instructions explicitly state 'There is no need to analyze the comment content itself' and implement filtering to only process comments from specific bot logins (e.g.,
coderabbitai), which acts as a practical mitigation against processing arbitrary user-supplied instructions.
Audit Metadata