review-pr

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches external content from GitHub.com (specifically .diff files) based on the user-provided PR URL. GitHub is recognized as a well-known and trusted service.
  • [COMMAND_EXECUTION]: The instructions recommend using the grep utility to process large diff files, which involves executing system-level commands to filter text content.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external GitHub pull requests. Maliciously crafted code comments or documentation within a PR diff could attempt to influence the agent's summary or the behavior of the downstream /review-ci and /review-ui skills.
      • Ingestion points: Fetches raw diff content from the URL provided in the PR_URL argument (e.g., https://github.com/.../pull/190.diff).
      • Boundary markers: The skill lacks explicit boundary markers or system instructions to ignore potential commands embedded within the fetched diff content.
      • Capability inventory: The skill uses grep for data processing and acts as an orchestrator for other automated review skills.
      • Sanitization: There is no evidence of sanitization, filtering, or escaping of the diff content before it is processed or passed to subsequent skills.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:20 AM