Skills
skills/bnadlerjr/dotfiles/reviewing-code-perfectly/Gen Agent Trust Hub

reviewing-code-perfectly

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted content from GitHub Pull Requests (titles, descriptions, and code) using the gh CLI. It lacks explicit boundary markers or instructions to the agent to disregard instructions embedded within the PR content.
  • Ingestion points: PR metadata and diffs fetched in Step 1 and Step 2.
  • Boundary markers: Absent in the workflow instructions.
  • Capability inventory: Access to Bash, Read, Grep, and Glob tools.
  • Sanitization: No sanitization or escaping of the ingested PR content is performed before processing.
  • [COMMAND_EXECUTION]: The skill executes shell commands via the Bash tool, including a custom utility pr-review-worktree. It uses a pattern of direct interpolation for user input: REVIEW_DIR=$(pr-review-worktree setup <PR-ID>), which is a potential command injection vector. It also relies on the external gh CLI for core functionality.
  • [EXTERNAL_DOWNLOADS]: Fetches Pull Request data and diffs from GitHub using the official gh CLI tool. This is a standard operation for the skill's purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 10:17 PM