Skills
skills/zzci/skills/pma-cr/Gen Agent Trust Hub

pma-cr

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, including code diffs and project configuration files, which can lead to indirect prompt injection.
  • Ingestion points: Untrusted content is ingested via git diff, gh pr diff, and project-specific files like CLAUDE.md and AGENTS.md (as seen in agents/code-reviewer.md).
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat this content as untrusted data rather than instructions.
  • Capability inventory: The agent has access to Bash, Read, Grep, and Glob tools, which could be leveraged if the agent is influenced by malicious content in a PR or config file.
  • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the repository before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform necessary development operations.
  • Evidence: It executes git commands (e.g., git diff, git log) and GitHub CLI commands (e.g., gh pr view, gh pr diff, gh pr review) to fulfill its code review functions.
  • Context: These commands are standard for the skill's intended purpose of code review and repository auditing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 12:21 AM