pr-review-agent
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes data from pull request diffs and issue tracker comments, which are external and potentially attacker-controlled. This content could contain malicious instructions aimed at influencing the review logic or the behavior of downstream agents.
- Ingestion points: Pull request diffs, changed files, and comments from the issue tracker.
- Boundary markers: Uses specific markers like `<!-- OPEN-ORCHESTRA-HANDOFF -->` for handoff data, but lacks explicit guardrails or delimiters for the primary review material (the code diff) to prevent the agent from following embedded natural language instructions.
- Capability inventory: The skill can post comments to pull requests and issue trackers, modify issue statuses (e.g., to 'Done' or 'In Progress'), and invoke external skills like `implementation-agent` and `init-architect`.
- Sanitization: There is no mention of sanitization or input validation for the data ingested from the diffs or trackers.