ah-submit-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from external files and chat history to generate the content of GitHub review comments.
  - Ingestion points: The skill reads issue descriptions, explanations, and code suggestions from user-provided file paths (Step 5) and the current chat session (Step 3).
  - Boundary markers: The procedure relies on Markdown structure (e.g., `## Issues` headers) to extract data but lacks explicit delimiters or instructions to ignore potential commands embedded within the analyzed code or review text.
  - Capability inventory: The skill has write access to GitHub via the `gh api` command, allowing it to post automated comments and status changes (REQUEST_CHANGES/APPROVE) to Pull Requests.
  - Sanitization: No explicit sanitization or filtering of the extracted text is performed before it is included in the final API payload, which could allow malicious instructions in a code review file to influence the agent's behavior or the resulting GitHub comment.
- [COMMAND_EXECUTION]: The skill heavily utilizes the `gh` (GitHub CLI) and `jq` utilities to perform repository operations and API calls.
  - The skill uses a quoted heredoc (`<<'EOF'`) when building the JSON payload for the `gh api` command in Step 8, which is a security best practice to prevent shell variable expansion and command injection within the payload itself.
  - The procedure includes a preflight validation step to verify JSON syntax before execution.