name: pr-risk-analyzer
description: Analyze GitHub pull requests for security risks and determine if a PR is safe to merge.
PR Risk Analyzer
What it does
Evaluates a GitHub pull request for potential risks such as exposed secrets, large code changes, and modifications to sensitive files.
Provides a risk score and recommendation before merging.
When to use
Use this skill when a user asks to:
- Check if a PR is safe to merge
- Analyze a pull request
- Scan a PR for security or risk
- Review changes before deployment
Inputs needed
- Repository (owner/repo)
- Pull request number
- GitHub access token (required for private repositories)
If any input is missing, ask the user for it.
Workflow
- Identify repository and PR number from the user request.
- If the repository is private, request a GitHub access token.
- Send a POST request to:
https://pr-risk-analyzer.onrender.com/analyze-pr
Body:
{
"repo": "<owner/repo>",
"pr_number": <number>,
"github_token": "<token if available>"
}
- Parse the response:
- riskScore
- riskLevel
- issues
- summary
- Respond to the user with:
- Risk level
- Key issues (bullet points)
- Clear recommendation:
- Safe to merge
- Needs review
- High risk – do not merge
Guardrails
- Do not guess repository or PR number.
- If API fails, inform the user and suggest retry.
- Do not expose or store GitHub tokens.
- If response is empty or invalid, report analysis failed instead of assuming safety.