load-pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'gh' (GitHub CLI) and 'jq' commands to interact with remote repositories and safely format data. The 'writeback-guardrails.md' document and 'scripts/load-pr-review.js' implementation show robust handling of shell injection risks by avoiding direct string interpolation and using temporary files for API inputs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from GitHub PR comments.
  1. Ingestion points: PR comments are fetched via GraphQL or REST API in 'scripts/load-pr-review.js'.
  2. Boundary markers: The skill lacks explicit delimiters or 'ignore' instructions to distinguish between PR comments and system instructions during the fix phase.
  3. Capability inventory: The agent can read and modify files and execute 'gh' commands based on the content of these comments.
  4. Sanitization: The script truncates large comment bodies to 2000 characters and ensures safe command construction via the 'jq' utility.
Audit Metadata