pythonista-reviewing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories checked: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection because it ingests and processes untrusted code changes from pull requests which may contain malicious instructions.
  • Ingestion points: Untrusted data enters the agent context through git diff output saved to /tmp/pr-diff.txt and subsequent processing by LLM scripts.
  • Boundary markers: Absent. The skill does not define specific delimiters to separate the code being reviewed from the instructions provided to the agent.
  • Capability inventory: The skill executes shell commands (git, wc), runs local utility scripts (./scripts/*.sh), and has the capability to propose code changes to the user.
  • Sanitization: No sanitization or filtering of the diff content is performed before it is passed to the analysis tools.
  • [COMMAND_EXECUTION] (SAFE): The skill uses standard development commands like git and wc and references local helper scripts. This behavior is expected for a code review utility and does not exhibit malicious intent.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing the llm and llm-claude-3 packages via pip. These are well-known and trustworthy tools in the developer community.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:34 PM