pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes pull request diffs and descriptions, which are untrusted external inputs.
    • Ingestion points: The skill uses gh pr diff and gh pr view in SKILL.md to ingest external content from GitHub pull requests into the agent's context.
    • Boundary markers: There are no explicit instructions or delimiters used to separate the external PR content from the skill's own instructions, nor any warnings to ignore embedded instructions within the ingested content.
    • Capability inventory: The skill possesses the capability to write back to the repository using gh pr review as defined in SKILL.md.
    • Sanitization: The skill does not perform any sanitization, validation, or escaping of the ingested PR content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill executes shell commands via the GitHub CLI (gh) using the <pr-number> argument provided by the user or extracted from context. If the agent does not strictly validate that this input is a numeric pull request ID, a malicious string (e.g., 123; malicious_command) could be supplied to achieve command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 10:12 AM