receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill imposes strict behavioral overrides by forbidding standard conversational responses, such as expressions of gratitude or agreement, to enforce a specific technical persona.
- [COMMAND_EXECUTION]: The logic references the use of CLI tools, specifically 'grep' for codebase inspection and 'gh api' for interacting with GitHub pull request comment threads.
- [PROMPT_INJECTION]: A vulnerability surface for indirect prompt injection is present. The skill is designed to ingest and implement instructions from external review feedback. Evidence Chain:
  1. Ingestion points: Processes feedback from 'External Reviewers' as described in SKILL.md.
  2. Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions embedded within the review text.
  3. Capability inventory: Includes the ability to search the codebase, modify files, and call external APIs.
  4. Sanitization: Absent; no validation or filtering of incoming feedback is defined.
Audit Metadata