git-pr-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from malicious content within pull requests.
- Ingestion points: Pull request diffs retrieved via the git diff command (SKILL.md).
- Boundary markers: No delimiters are placed around the diff, and the agent is given no instruction to disregard any instructions embedded in the diff content.
- Capability inventory: The skill is authorized to use Bash, Read, Grep, and Glob tools (SKILL.md).
- Sanitization: No sanitization or validation of the diff output is performed before the agent processes it.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute git commands for PR analysis. While these commands serve the skill's primary function, executing shell commands that interpolate repository-derived values such as branch names, without explicit sanitization, can be exploited if those names are attacker-controlled.
Audit Metadata