4-step-program
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative language (e.g., 'MANDATORY', 'CRITICAL', '100% coverage') to enforce a strict workflow. While intended for quality control, these patterns represent the agent's internal steering logic.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted external data.
  - Ingestion points: The skill explicitly instructs the agent to read external content using `gh issue view <number>` and to analyze pull request changes (SKILL.md).
  - Boundary markers: There are no instructions for the agent to use delimiters or 'ignore' tags when processing the body of GitHub issues or PR comments.
  - Capability inventory: The agent has the capability to delegate tasks (`assign_task`), communicate with other agents (`send_message_to_agent`), and write content back to GitHub (`mcp__github__create_pull_request_review`).
  - Sanitization: No sanitization or validation logic is specified for the data retrieved from GitHub before it is used to formulate delegation prompts or review comments.
Audit Metadata