review-pr
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from Gitee Pull Requests, such as titles, descriptions, and file contents, which could contain malicious instructions designed to manipulate the AI's review behavior.
  - Ingestion points: Untrusted data is retrieved using tools like `get_pull_detail`, `list_pull_comments`, and `get_file_content` as outlined in `SKILL.md`.
  - Boundary markers: The instructions lack explicit delimiters or specific directives to the AI to ignore instructions embedded within the PR data being analyzed.
  - Capability inventory: The skill has the ability to post comments back to the repository using the `comment_pull` tool, which could be used to spread malicious content if the AI is successfully injected.
  - Sanitization: The skill does not implement any sanitization or validation of the ingested content before it is passed to the AI for analysis.
Audit Metadata