review-pr
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted pull request comments fetched from external repositories during Phase 1. This data represents a potential indirect prompt injection vector where malicious instructions could be embedded in comments to subvert the code review or the finalization process.
  - Ingestion points: Pull request comments fetched via the /fetch-pr-comments skill in Phase 1 (SKILL.md).
  - Boundary markers: The orchestrator lacks explicit delimiters or instructions to treat external comment data as non-executable data.
  - Capability inventory: The skill calls /finalize and /investigate, which may involve automated code modifications or repository state changes.
  - Sanitization: No sanitization or validation of the fetched comment content is performed before processing.