Skills
skills/wednesday-solutions/ai-agent-skills/pr-review/Gen Agent Trust Hub

pr-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git and gh (GitHub CLI) commands via Bash to interact with the repository, fetch metadata, and manage code updates. These operations are restricted by the YAML frontmatter to specific binaries and are consistent with the skill's primary purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of PR review comments fetched from GitHub. This creates an indirect prompt injection surface. However, the risk is mitigated by the 'Agent Fix Rules' which mandate explicit developer approval (e.g., @agent fix #N) before the agent can perform any edits or commits.
  • Ingestion points: PR review comments fetched via the gh tool.
  • Boundary markers: None explicitly defined for comment content.
  • Capability inventory: File system modification (Edit), repository state management (git), and PR interaction (gh).
  • Sanitization: Relies on a human-in-the-loop (dev approval) requirement to validate proposed fixes before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 04:34 AM