review
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands including
git,gh,find, andmkdir. It interpolates user-provided variables such as$PR_REFand$AGENT_PATHinto these commands to fetch and process review targets. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external PRs and code files. Ingestion points: Untrusted content is ingested from GitHub PR metadata, git diffs, and files within agent output directories. Boundary markers: No specific delimiters or 'ignore' instructions are used to separate untrusted content from agent instructions. Capability inventory: The skill has the ability to write to the local file system and post comments to external GitHub repositories via the
ghCLI. Sanitization: No sanitization of the ingested content is performed before it is processed by the agent.
Audit Metadata