comprehensive-review-pr-enhance
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local git commands such as git diff using the subprocess module in Python. This is necessary for the skill's core functionality of analyzing repository changes.
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of git diffs and commit messages. While this presents a surface for indirect prompt injection, the skill primarily uses this data for structural formatting (tables, checklists) rather than direct instruction following, which minimizes the risk.
- [DATA_EXPOSURE]: The skill analyzes file content and diffs to generate PR descriptions. It specifically includes guidelines to check for hardcoded secrets and sensitive files (e.g., auth, crypto, tokens), which aligns with security best practices for code review tools.
Audit Metadata