Skills
skills/prefecthq/fastmcp/review-pr/Gen Agent Trust Hub

review-pr

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface detected where the skill ingests external data from GitHub comments.
  • Ingestion points: PR comments and review bodies are fetched via gh api in SKILL.md.
  • Boundary markers: Absent; the skill lacks delimiters to separate external data from instructions.
  • Capability inventory: The agent has access to shell execution (gh, git), network operations, and instructions to modify and push code.
  • Sanitization: Absent; the agent is instructed to evaluate and fix bugs based on external feedback without prior validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 08:50 PM