Skills
skills/harivansh-afk/auto-review-check/implement-review-loop/Gen Agent Trust Hub

implement-review-loop

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill executes npx devin-review as part of its Phase 3 workflow. This command downloads and executes the devin-review package from the npm registry at runtime.
  • [PROMPT_INJECTION]: The skill implements a workflow vulnerable to indirect prompt injection by ingesting external PR comments to guide code implementation.
  • Ingestion points: External PR comments and review feedback are fetched in scripts/fetch_pr_comments.sh via the GitHub API.
  • Boundary markers: The script uses Markdown headers and separators to delimit comments but does not include explicit instructions for the agent to ignore malicious commands within the content.
  • Capability inventory: The agent is granted permission to implement code changes, run tests, and execute CLI commands like gt and gh.
  • Sanitization: PR comment bodies are used directly in the prompt context without sanitization or filtering.
  • [COMMAND_EXECUTION]: The skill relies on the Graphite CLI (gt) and GitHub CLI (gh) to manage branches, submit PRs, and retrieve repository metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 11:02 AM