ah-submit-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using a PR identifier provided by the user. If the identifier is not properly sanitized, it could lead to command injection when calling the gh CLI.
  • [DATA_EXFILTRATION]: The skill allows the user to specify an arbitrary local path for a review file. This creates a risk where sensitive system files could be read and their contents potentially sent to GitHub as part of the review.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub PRs and external files, presenting an indirect prompt injection surface.
    • Ingestion points: Pull request titles/bodies and user-specified review files.
    • Boundary markers: None. The skill does not use delimiters or instructions to handle untrusted data safely.
    • Capability inventory: The skill can post authenticated reviews and comments to GitHub and execute sub-agent tasks.
    • Sanitization: External data is not sanitized or escaped before being included in the GitHub API request payload.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 03:25 AM