receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's instructions are defensive in nature and aim to improve technical quality by requiring verification of external input.
- [COMMAND_EXECUTION]: The skill mentions using standard developer tools such as grep for searching the codebase and the gh api for replying to GitHub comments. These actions are aligned with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill manages the processing of external code review feedback, which is an untrusted data source. 1. Ingestion points: External code review feedback from human partners or third-party reviewers. 2. Boundary markers: No explicit delimiters or boundary markers are defined in the provided instructions. 3. Capability inventory: The agent can perform codebase analysis via grep and communicate via the GitHub API. 4. Sanitization: The skill incorporates a mandatory verification and evaluation process (READ, UNDERSTAND, VERIFY, EVALUATE) as a manual sanitization step to prevent the implementation of incorrect or malicious suggestions.
Audit Metadata