github-pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to use shell commands including gh, git, grep, head, and tail. These commands are used to inspect the repository state and communicate with the GitHub API to post review comments.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted input from pull requests that is then used to form API requests.
  - Ingestion points: File contents from pull requests are read into the agent's context using grep, head, and tail as described in the SKILL.md and README.md files.
  - Boundary markers: There are no explicit delimiters or 'ignore' instructions provided in the command templates to help the agent distinguish between code data and system instructions.
  - Capability inventory: The skill allows the agent to execute shell commands and perform network operations targeting the GitHub API.
  - Sanitization: The skill lacks mechanisms to sanitize or validate the content of the pull request files before they are included in the review body.