skills/vanilla-bar/kernel/pr-review/Gen Agent Trust Hub

pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the GitHub CLI (gh) to retrieve pull request metadata, diffs, and comments. These commands are constructed using a PR number provided via the skill's arguments.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data into the agent's context during the review process.
      • Ingestion points: Pull request titles, descriptions, and comments fetched from GitHub, as well as local files such as .agents/pr-review-perspectives.md and project rules.
      • Boundary markers: The instructions do not define clear boundaries or delimiters to separate the retrieved data from the agent's instructions, nor do they include warnings to ignore instructions embedded in the PR content.
      • Capability inventory: The skill can execute gh CLI commands and read various files within the repository (source code, documentation, configuration).
      • Sanitization: No validation or sanitization of the PR content or configuration file data is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 12:04 PM