code-review
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the gh command-line interface to view pull request details and diffs. These actions are performed through a Bash tool restricted to the gh namespace, which is appropriate for the skill's stated purpose of reviewing code.
- [EXTERNAL_DOWNLOADS]: It retrieves pull request data and source code from GitHub, which is a well-known and trusted service. No other external network requests or downloads from untrusted sources are performed.
- [PROMPT_INJECTION]: The skill processes untrusted content from pull request descriptions and source code, creating a surface for indirect prompt injection. Ingestion points: Data enters the context via gh pr view, gh pr diff, and the Read tool for files. Boundary markers: There are no explicit instructions to the AI to ignore embedded commands or markers to delimit code from instructions. Capability inventory: The agent can execute gh commands, read files, and perform pattern matching. Sanitization: No sanitization or filtering of the input data is performed before processing.
Audit Metadata