gh-review-requests
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches pull request and notification data from GitHub's official API using the gh CLI tool.
- [COMMAND_EXECUTION]: Executes a local Python script fetch_review_requests.py and standard GitHub CLI commands (gh api) to retrieve information. These are restricted to the intended functionality of the skill.
- [DATA_EXFILTRATION]: No unauthorized data transfer detected. The skill uses the user's existing GitHub authentication to read notification data.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (GitHub PR titles). While this presents a theoretical surface for indirect prompt injection if a PR title contained malicious instructions, the risk is minimal as the data is presented in a markdown table and the agent has no high-privilege capabilities exposed through this skill.