pr-test-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to evaluate PR test coverage, requiring it to ingest external data which may contain malicious instructions.\n
- Ingestion points: SKILL.md (via the context block passed to the codex-subagent command).\n
- Boundary markers: The implementation uses a quoted heredoc (<<'EOF') which effectively prevents local shell variable expansion and command injection at the script level; however, it lacks internal delimiters to prevent the subagent from following instructions embedded within the PR content itself.\n
- Capability inventory: The skill executes the 'codex-subagent' command to process the provided data.\n
- Sanitization: No content filtering or sanitization of the PR/issue data is performed before it is passed to the subagent.
Audit Metadata