skills/snailuu/skill/pr-review/Gen Agent Trust Hub

pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION | CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute system commands including git, gh (GitHub CLI), and glab (GitLab CLI). These commands are dynamically constructed using repository owners, names, and PR numbers parsed from user input or remote sources.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from external PR/MR comments and analyzes them without sufficient isolation, which could be exploited if a comment contains malicious instructions targeted at the agent.
      • Ingestion points: SKILL.md (via gh api, glab api, and WebFetch calls to PR/MR endpoints).
      • Boundary markers: Absent (the skill does not specify delimiters or 'ignore' instructions for the external content being analyzed).
      • Capability inventory: Bash tool access (allows the agent to execute arbitrary shell commands on the host system).
      • Sanitization: Absent (there is no logic to sanitize or escape the content of PR comments before they are processed by the LLM).
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to ask the user for Personal Access Tokens (PATs) via AskUserQuestion if it cannot find existing CLI authentication. While necessary for private repo access, this involves the manual handling of sensitive credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 02:12 PM