skills/hifisaputra/skills/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of external, untrusted data.
      • Ingestion points: Pull request titles and bodies (gh pr view), linked issue titles and bodies (gh issue view), and code diffs (gh pr diff).
      • Boundary markers: The skill lacks explicit boundary markers or delimiters to separate instructions from the data being reviewed.
      • Capability inventory: The skill has the capability to write back to the environment by posting reviews and comments on GitHub via gh api and gh pr comment.
      • Sanitization: There is no evidence of sanitization or filtering applied to the retrieved metadata before it is presented to the model for analysis.
  • [COMMAND_EXECUTION]: The skill executes multiple system commands using the GitHub CLI (gh) to perform its operations.
      • Evidence: Commands such as gh repo view, gh pr view, gh issue view, and gh api are used throughout the skill's workflow to gather context and post results.
      • Risk: While these commands are core to the skill's functionality, they involve the use of variables (like PR numbers and issue numbers) extracted from the environment, which requires careful handling to prevent command injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 06:45 PM