code-review
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands to perform its duties. Specifically, it uses `git` to analyze local changes and the `gh` (GitHub) CLI to fetch pull request data, comments, and to post review summaries back to GitHub. It also executes a local Node.js script using the `node` command.
- [EXTERNAL_DOWNLOADS]: Through the `capture-screenshots.js` script, the skill uses Playwright (Chromium) to navigate to external URLs, primarily on `aem.page` and `aem.live` domains. This is done to capture screenshots and perform visual validation of the changes. The skill relies on the well-known `playwright` package from the official NPM registry.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from multiple sources including git diffs, GitHub PR comments, and the text content of the web pages it visits via Playwright.
  - Ingestion points: `gh pr view`, `gh pr diff`, `gh api` (comments), and the browser context in `capture-screenshots.js` (file: `SKILL.md`, `scripts/capture-screenshots.js`).
  - Boundary markers: The instructions do not define strict boundary markers or 'ignore' instructions when processing this external data.
  - Capability inventory: The skill can execute shell commands (`git`, `gh`, `node`), write files to the local disk, and access the network via a browser (file: `SKILL.md`, `scripts/capture-screenshots.js`).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external sources before it is analyzed by the agent.
Audit Metadata