review-pr
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from pull request artifacts, which is a surface for indirect prompt injection. This is an inherent risk of the tool's core functionality and is mitigated by its restricted execution environment.
- Ingestion points:
pr_diff.txtandpr_description.txtmentioned in the SKILL.md context. - Boundary markers: None identified in the prompt template.
- Capability inventory: The skill is limited to writing a local file (
review.json) and executing a JSON validator (jq). - Sanitization: No input sanitization is specified for the diff or description content.
- [COMMAND_EXECUTION]: The instructions include a step to validate the generated JSON using the
jqcommand-line utility, which is a benign and standard software development task.
Audit Metadata