aiden-review-pr

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git remote get-url origin to resolve the repository's owner and name from the local environment when a full URL or reference is not provided.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon untrusted data from external GitHub pull requests.
    • Ingestion points: Untrusted data enters the agent context via mcp__aiden__github_get_pull_request (descriptions), mcp__aiden__github_get_pr_diff (code diffs), and mcp__aiden__github_list_pr_comments (user comments) as described in the Workflow section of SKILL.md.
    • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' prompts when processing the fetched GitHub data.
    • Capability inventory: The skill has significant capabilities including mcp__aiden__github_create_pr_review, mcp__aiden__github_add_comment, and mcp__aiden__github_merge_pull_request, which could be abused if the agent obeys instructions hidden in PR content.
    • Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from the GitHub API before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 07:40 AM