ce-code-review
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard version control and repository management tools (git, gh) to fetch code, determine diff scopes, and interact with pull requests. This is standard behavior for the skill's stated purpose.
- [PROMPT_INJECTION]: The skill ingests untrusted external data (PR titles and descriptions) via the GitHub CLI. This data is passed to sub-agents to provide context for reviews.
- Ingestion points: SKILL.md Stage 1 (gh pr view) and Stage 4 dispatch.
- Boundary markers: Present; the skill uses '' XML-like tags to delimit untrusted data in sub-agent prompts.
- Capability inventory: The skill possesses shell command execution capabilities and file modification privileges via the review-fixer agent.
- Sanitization: Not explicitly mentioned, however, the structured handling of input via templates reduces the risk of accidental instruction obedience.
- [DYNAMIC_EXECUTION]: The skill utilizes a 'review-fixer' sub-agent to dynamically generate and apply code modifications to the local repository based on review findings. This behavior is the primary intended function of the 'autofix' and 'interactive' modes.
- [DATA_EXFILTRATION]: Integrates with external developer platforms such as GitHub and Linear to retrieve metadata and create issue tickets. These network-dependent operations are performed using authenticated official tools (gh) or dedicated integrations and are appropriate for a code review and tracking workflow.
Audit Metadata