Skills
skills/rcdailey/dotfiles/gh-pr-review/Gen Agent Trust Hub

gh-pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the gh-review CLI tool to perform various GitHub pull request operations, including view, start, comment, and delete. These commands are used to manage a pending review workflow and are consistent with the skill's primary purpose.
  • [SAFE]: No evidence of prompt injection, data exfiltration, obfuscation, or persistence mechanisms was identified. The skill follows established workflows for pull request interactions and does not attempt to access sensitive system files or environment variables.
  • [PROMPT_INJECTION]: The skill is a surface for indirect prompt injection as it processes pull request diffs and code which are untrusted external inputs. While an attacker could embed malicious instructions in the code being reviewed, the skill's instructions for manual verification and explicit review workflows act as a secondary layer of defense.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 08:19 PM