load-pr-context

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill retrieves pull request descriptions, comments, and file diffs which are external, untrusted data sources. An attacker could embed malicious instructions in these fields to attempt to override the agent's behavior.
    • Ingestion points: Data is pulled from mcp__github__get_pull_request, mcp__github__get_pull_request_diff, and mcp__github__list_review_comments_on_pull_request.
    • Boundary markers: Absent. The skill does not define specific delimiters or instructions to treat the fetched content as potentially unsafe data.
    • Capability inventory: The skill primarily reads and summarizes data; however, the summarized context remains in the LLM's active session, potentially affecting future tool calls.
    • Sanitization: Absent. No filtering or sanitization of the PR content is performed before presentation to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 07:57 AM