receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its primary function is to process and implement feedback from external sources.
- Ingestion points: The skill instructions specifically direct the agent to 'READ' and 'EVALUATE' feedback from 'External Reviewers', which constitutes untrusted data entering the prompt context.
- Boundary markers: The skill lacks explicit instructions for using delimiters or boundary markers to isolate external feedback from the agent's core instructions.
- Capability inventory: The agent has the capability to search the codebase (grep), interact with the GitHub API (gh api), and modify project files ('Implement: One item at a time').
- Sanitization: There are no instructions provided to sanitize, filter, or validate the content of the external review feedback before processing it.
- [COMMAND_EXECUTION]: The skill utilizes command-line tools to fulfill its technical verification and communication requirements.
- Codebase Search: Uses grep to identify usage patterns for YAGNI (You Ain't Gonna Need It) checks.
- GitHub API Interaction: Uses gh api to post replies to specific pull request comment threads, enabling automated interaction with the version control platform.