Skills
skills/yonatangross/skillforge-claude-plugin/review-pr/Gen Agent Trust Hub

review-pr

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from GitHub pull requests.
  • Ingestion points: External data is retrieved via gh pr view and gh pr diff in Phase 1 of the workflow.
  • Boundary markers: The agent prompts for subagents (defined in rules/agent-prompts-task-tool.md and rules/agent-prompts-agent-teams.md) lack explicit delimiters or instructions to ignore embedded commands within the interpolated PR content.
  • Capability inventory: The skill utilizes a high-privilege toolset including Bash, Read, Write, Edit, and TaskCreate, which could be abused if an injection attack succeeds.
  • Sanitization: There is no evidence of sanitization or filtering of the pull request content before it is passed to the subagents.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool extensively to execute local system commands and interact with the GitHub CLI (gh).
  • [EXTERNAL_DOWNLOADS]: Fetches pull request information and code diffs from GitHub's official servers using the gh CLI.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 03:10 PM