Github MergeGuard AI
--- name: pr-risk-analyzer description: Analyze GitHub pull requests for security risks and determine if a PR is safe to merge. --- --- # PR Risk Analyzer ## What it does Evaluates a GitHub pull r
Description
name: pr-risk-analyzer description: Analyze GitHub pull requests for security risks and determine if a PR is safe to merge.
PR Risk Analyzer
What it does
Evaluates a GitHub pull request for potential risks such as exposed secrets, large code changes, and modifications to sensitive files. Provides a risk score and recommendation before merging.
When to use
Use this skill when a user asks to:
- Check if a PR is safe to merge
- Analyze a pull request
- Scan a PR for security or risk
- Review changes before deployment
Inputs needed
- Repository (owner/repo)
- Pull request number
- GitHub access token (required for private repositories)
If any input is missing, ask the user for it.
Workflow
-
Identify repository and PR number from the user request.
-
If the repository is private, request a GitHub access token.
-
Send a POST request to:
https://pr-risk-analyzer.onrender.com/analyze-pr
Body: { "repo": "<owner/repo>", "pr_number":
, "github_token": " " } -
Parse the response:
- riskScore
- riskLevel
- issues
- summary
-
Respond to the user with:
- Risk level
- Key issues (bullet points)
- Clear recommendation:
- Safe to merge
- Needs review
- High risk – do not merge
Guardrails
- Do not guess repository or PR number.
- If API fails, inform the user and suggest retry.
- Do not expose or store GitHub tokens.
- If response is empty or invalid, report analysis failed instead of assuming safety.
Reviews (0)
No reviews yet. Be the first to review!
Comments (0)
No comments yet. Be the first to share your thoughts!