skills/squirrel289/pax/gh-pr-review/Gen Agent Trust Hub

gh-pr-review

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing a GitHub CLI extension from an untrusted third-party organization: agynio/gh-pr-review. This introduces a dependency that is not from a verified vendor.
  • [COMMAND_EXECUTION]: The skill performs sensitive operations via the gh CLI, such as gh pr merge and gh pr-review comments reply, which execute commands with repository-level permissions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      1. Ingestion points: Fetches untrusted natural language data from GitHub PR comments and review threads using gh pr-review review view.
      2. Boundary markers: No delimiters or protective instructions are provided to help the agent distinguish between its system prompt and external data.
      3. Capability inventory: Includes capabilities to merge code, post comments, and resolve review threads.
      4. Sanitization: External PR content is processed and displayed without sanitization or validation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 11:24 PM