github-pr-review
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Interacts with the official GitHub API at api.github.com using established tools like curl and the GitHub CLI (gh) for its core functionality of pull request management.
- [COMMAND_EXECUTION]: Uses local development utilities such as git, grep, head, and tail to navigate the codebase and identify correct line numbers for code comments.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes untrusted PR content.
  - Ingestion points: Pull request diffs and source code files.
  - Boundary markers: Explicitly instructs the agent to use JSON input files (@/tmp/review.json) when interacting with CLI tools to separate untrusted data from command arguments.
  - Capability inventory: Includes file system write operations and network communication via the GitHub API.
  - Sanitization: Employs structured JSON formatting for API payloads, which effectively sanitizes input by preventing shell metacharacters in the reviewed content from being executed.
Audit Metadata