build-review-persona

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design.
    ◦ Ingestion points: Fetches untrusted data, including inline review comments, review body comments, and conversation comments from GitHub PRs, using the GitHub CLI (gh api).
    ◦ Boundary markers: The generated skill file at ~/.claude/commands/review-as-me.md uses Markdown headers to structure the mined data but lacks explicit delimiters or safety instructions to prevent the agent from interpreting mined content as executable instructions.
    ◦ Capability inventory: The generated skill is capable of reviewing code branches and posting automated comments to GitHub repositories using the gh api.
    ◦ Sanitization: No sanitization or filtering of the external data is performed; the skill explicitly captures verbatim comments for its calibration examples.
  • [COMMAND_EXECUTION]: Utilizes system utilities to interact with version control and the GitHub platform.
    ◦ Evidence: Invokes git log for user identification and gh api for data collection and review submission.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 01:34 AM