code-review
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its core functionality of reading and processing untrusted source code.
- Ingestion points: Code changes are ingested through
git diffandgh pr diffas documented in SKILL.md. - Boundary markers: The instructions do not provide explicit delimiters or "ignore embedded instructions" warnings for the agent when reading file content.
- Capability inventory: The skill has the capability to read local files and post comments to GitHub using the
ghtool, which could be misused if the agent follows instructions hidden within reviewed code. - Sanitization: There is no evidence of sanitization or filtering of the ingested code content before it is processed by the agent.
Audit Metadata