ai-pr-review
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires 'Bash' tool access to execute the GitHub CLI ('gh') and git commands. This is used to fetch pull request metadata, analyze diffs, and perform the automated 'fix-and-verify' workflow, which involves committing and pushing code changes.
- [PROMPT_INJECTION]: The skill has a significant indirect prompt injection surface (Category 8) evidenced by:
  1. Ingestion points: Pull request unified diffs, PR titles/bodies, and acceptance criteria from linked GitHub issues.
  2. Boundary markers: There are no explicit instructions or delimiters in 'SKILL.md' to treat these external inputs as untrusted data or to ignore embedded instructions.
  3. Capability inventory: The agent has the ability to execute shell commands, modify the filesystem, and push code to remote branches.
  4. Sanitization: No content validation, sanitization, or filtering of the fetched external data is defined before the agent processes it to generate reviews or fixes.
Audit Metadata