review-changes
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including
git status,git diff, andgh issue view. These commands are used to retrieve the current state of the repository and context from GitHub issues to perform the review. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from multiple sources without sanitization or clear boundary markers.
- Ingestion points: The skill reads data from
git diff(code changes), local files in the.plans/directory, and external data viagh issue view(GitHub issue titles and descriptions). - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the code diffs or issue descriptions.
- Capability inventory: The agent has the capability to execute shell commands (
bash) and read/write files to the local filesystem (e.g., creating reports in.reviews/). - Sanitization: There is no evidence of sanitization, validation, or filtering of the content retrieved from git or GitHub before it is processed for analysis.
Audit Metadata