receiving-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to process and act upon external, untrusted code review feedback. This creates an attack surface where a reviewer could attempt to inject malicious instructions.
    (1) Ingestion points: External code review feedback via GitHub PR comments or external reviewers.
    (2) Boundary markers: Absent in the incoming data, though the skill provides a multi-step cognitive framework to treat input as data to verify rather than instructions to follow.
    (3) Capability inventory: Subprocess calls via grep, GitHub API interaction, and file writing (implementing fixes).
    (4) Sanitization: The skill mandates technical verification against the codebase, YAGNI checks, and architectural alignment as manual/technical verification steps before implementation.
  • Command Execution (LOW): The skill instructs the agent to use 'grep' for codebase searches (e.g., YAGNI checks). While this is a standard developer capability, it is noted here as it represents a command-line interface used for technical verification.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM