code-review
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate code review operations using standard version control and repository management tools (Git and GitHub CLI). No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected.- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests untrusted data from pull request diffs and descriptions. However, the risk is mitigated by its strict 'Extremely Critical' persona and structured 6-pass analysis.
- Ingestion points: Reads external data via
gh pr view,gh pr diff, andgit diffinSKILL.md. - Boundary markers: None explicitly implemented to separate untrusted PR content from instructions.
- Capability inventory: Can post to GitHub (
gh pr comment,gh pr review) and orchestrate multiple agents viateams. - Sanitization: No content sanitization is performed on ingested code or comments.
Audit Metadata