Skills
skills/significant-gravitas/autogpt/pr-review/Gen Agent Trust Hub

pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard CLI tools including git, gh, poetry, and pnpm for PR management, code formatting, and testing within the Significant-Gravitas/AutoGPT repository.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from the GitHub API using the gh tool, which is a well-known and trusted service.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. 1. Ingestion points: PR reviews and comments are fetched via gh api in Step 2. 2. Boundary markers: No explicit delimiters or instructions are used to isolate untrusted comment text. 3. Capability inventory: The agent can execute shell commands like git push and poetry run. 4. Sanitization: No sanitization or validation of fetched comment content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 05:25 AM