code-review
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from external sources.
  - Ingestion points: PR comments are retrieved via the GitHub CLI in `scripts/fetch_review_comments.py`, and code diffs are read using git in `scripts/incremental_review_mapper.py` and `scripts/build_snapshot.py`.
  - Boundary markers: There are no explicit delimiters or instructions to the agent to disregard instructions potentially embedded within comments or patches.
  - Capability inventory: The agent can write files and execute git/gh commands across multiple scripts.
  - Sanitization: No sanitization or filtering of the external text content is performed before it is processed by the agent context.
- [COMMAND_EXECUTION]: The skill's Python scripts execute system commands using the `subprocess` module to manage the review lifecycle.
  - Evidence: Found in `scripts/fetch_review_comments.py` (executing `gh`), `scripts/build_snapshot.py` (executing `git`), and `scripts/incremental_review_mapper.py` (executing `git`).
  - Context: These operations are functional for the skill's purpose but involve processing user-provided identifiers like branch names, PR numbers, and commit SHAs.
Audit Metadata