review-pr
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The skill ingests untrusted data from GitHub pull request metadata, descriptions, commit messages, and code diffs.
- Boundary markers: Absent; there are no instructions to the agent to treat the ingested data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill uses a GitHub MCP server to read repository data and generate analysis and recommendations.
- Sanitization: Absent; the content is processed raw from the repository.
- No Code (SAFE): This skill contains no executable code or scripts; it acts as a wrapper for GitHub MCP server functions.
Audit Metadata