wmill-review
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from repository files and diffs.
- Ingestion points: The agent reads CLAUDE.md files and pull request diffs using
gh pr difforgit diff(Step 2 and 3). - Boundary markers: There are no explicit delimiters or instructions telling the agent to disregard instructions found within the data it is analyzing.
- Capability inventory: The skill can perform write operations on GitHub, such as posting reviews and comments via
gh pr reviewand the GitHub API (Step 7). - Sanitization: No content validation or sanitization is performed on the data ingested from the repository.
Audit Metadata