receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities detected. The skill focuses on promoting technical rigor and skepticism towards external inputs during the code review process.
- [COMMAND_EXECUTION]: The skill references using the GitHub CLI (
gh api) to interact with pull request comments. This is a standard operational capability for PR automation and does not involve arbitrary command execution. - [PROMPT_INJECTION]: The skill includes behavioral constraints (e.g., forbidding 'performative agreement' phrases) to ensure technical objectivity. These are benign instructions and do not attempt to bypass safety filters.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by processing external code review feedback.
- Ingestion points: External code review comments.
- Boundary markers: Not explicitly defined.
- Capability inventory: GitHub API interaction and file-writing capabilities.
- Sanitization: The skill mandates technical verification and skeptical evaluation as defensive measures before implementing any suggested changes.
Audit Metadata