review-pr
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted code and comments from external Pull Requests, which creates an attack surface for indirect prompt injection.\n
- Ingestion points: Pull request details, diff files, file content, and existing comments are fetched from Gitee and ingested into the agent's context (SKILL.md, Steps 1-3).\n
- Boundary markers: The instructions lack explicit delimiters or specific warnings to ignore instructions found within the processed PR data.\n
- Capability inventory: The agent can post comments to Gitee via
comment_pulland execute localgitand file system commands (SKILL.md, Step 2 & 7).\n - Sanitization: No sanitization or validation of the PR data is performed before processing.\n- [COMMAND_EXECUTION]: The skill instructs the agent to execute local system commands.\n
- Evidence: The agent is guided to use local
gitcommands and file access to obtain broader context if a local repository clone is available (SKILL.md, Step 2).
Audit Metadata