explain-this-pr
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses user-provided input (PR URL or number) directly in shell commands such as `gh pr view`, `gh pr diff`, and `gh pr comment`. If this input is not properly sanitized by the agent, it could lead to command injection vulnerabilities.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external sources (GitHub PRs).
  - Ingestion points: In `SKILL.md` (Step 2), the agent fetches PR metadata, the code diff, and previous comments, all of which can contain attacker-controlled text.
  - Boundary markers: Absent. There are no delimiters or explicit instructions to ignore embedded commands within the fetched PR content.
  - Capability inventory: The skill has the capability to post comments back to GitHub via `gh pr comment` (Step 5), which could be abused to spread misinformation or perform social engineering if the agent is manipulated by injected instructions.
  - Sanitization: Absent. The skill does not validate or sanitize the fetched content before processing it for summary generation.
Audit Metadata