github-pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides detailed instructions for using the GitHub CLI (gh api) and curl to post feedback to pull requests. These commands are used for their intended purpose of interacting with the official GitHub API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted data (pull request code and diffs) which could contain malicious instructions meant to subvert the review process.
      • Ingestion points: Reads code files and diff headers during the analysis phase (SKILL.md, README.md).
      • Boundary markers: The instructions do not specify the use of clear delimiters or markers to separate the untrusted PR content from the agent's internal reasoning or instructions.
      • Capability inventory: The agent has the ability to execute shell commands (gh, curl, grep, head, tail) and perform network operations to api.github.com.
      • Sanitization: There is no explicit sanitization or validation logic defined to filter instructions that might be embedded in the PR code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 06:19 PM