---

PR Risk Analyzer

What it does

Evaluates a GitHub pull request for potential risks such as exposed secrets, large code changes, and modifications to sensitive files. Provides a risk score and recommendation before merging.

When to use

Use this skill when a user asks to:

• Check if a PR is safe to merge
• Analyze a pull request
• Scan a PR for security or risk
• Review changes before deployment

Inputs needed

• Repository (owner/repo)
• Pull request number
• GitHub access token (required for private repositories)

If any input is missing, ask the user for it.

Workflow

• Identify repository and PR number from the user request.
• If the repository is private, request a GitHub access token.
• Send a POST request to:

https://pr-risk-analyzer.onrender.com/analyze-pr

Body: { "repo": "", "pr_number": , "github_token": "" }

• Parse the response:
• riskScore
• riskLevel
• issues
• summary
• Respond to the user with:
• Risk level
• Key issues (bullet points)
• Clear recommendation:
• Safe to merge
• Needs review
• High risk – do not merge

Guardrails

• Do not guess repository or PR number.
• If API fails, inform the user and suggest retry.
• Do not expose or store GitHub tokens.
• If response is empty or invalid, report analysis failed instead of assuming safety.