github-pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes untrusted code from pull requests, creating a surface for indirect prompt injection.
      • Ingestion points: The agent reads file content using commands like grep, head, and tail as instructed in SKILL.md.
      • Boundary markers: No delimiters or instructions are provided to help the agent distinguish between code data and potentially malicious instructions within the PR content.
      • Capability inventory: The agent has the ability to execute shell commands (gh, curl) and perform network operations to the GitHub API using the GITHUB_TOKEN.
      • Sanitization: No sanitization or escaping of the file content is mandated before it is used in the review body or API payloads.
  • [COMMAND_EXECUTION]: The skill relies on shell commands to perform its core functionality.
      • Evidence: Templates for gh api, curl, grep, head, and tail are provided in both README.md and SKILL.md to facilitate finding code lines and posting review comments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 11:33 AM