Skills
skills/a2f0/tearleads/cross-agent-review/Gen Agent Trust Hub

cross-agent-review

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands git and gh to retrieve repository metadata and pull request diffs for analysis.
  • [COMMAND_EXECUTION]: It invokes a local vendor script agentTool.ts to manage interactions with external AI agents and update pull request labels. This is considered standard behavior for a development utility.
  • [PROMPT_INJECTION]: An indirect prompt injection surface was identified where the skill ingests pull request diffs and metadata. Evidence: 1. Ingestion points: git diff and gh pr list in SKILL.md; 2. Boundary markers: Not present; 3. Capability inventory: PR tagging and review solicitation via agentTool.ts in SKILL.md; 4. Sanitization: None detected. This is evaluated as safe because it is the primary intended function of the skill and does not expose dangerous capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 10:13 PM