receiving-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process and implement feedback from external reviewers, creating an attack surface for indirect prompt injection.
      • Ingestion points: External code review feedback.
      • Boundary markers: The skill lacks explicit instructions for using delimiters (e.g., XML tags or markdown blocks) to isolate untrusted feedback when processed by the agent.
      • Capability inventory: The skill utilizes grep for codebase searching and the GitHub CLI (gh api) for replying to comments (SKILL.md).
      • Sanitization: No programmatic sanitization or validation of the feedback content is specified; the skill relies on the agent's logical evaluation and technical verification steps to mitigate risks.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for verification and interaction.
      • Evidence: Use of grep for searching the codebase to verify usage (YAGNI check) and gh api for interacting with the GitHub Pull Request API (SKILL.md).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 01:27 AM