process-reviews

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git and gh (GitHub CLI) to perform repository operations such as creating worktrees, checking out branches, and managing labels. Evidence is found throughout Phases 0, 1, and 2 in SKILL.md.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data (PR titles, comments, and diffs), which could contain malicious instructions aimed at influencing the agent's behavior.
      • Ingestion points: gh pr list, gh pr view, and gh api calls in SKILL.md (Phase 1).
      • Boundary markers: Absent. No specific delimiters or warnings are used to separate untrusted PR data from instructions.
      • Capability inventory: git checkout, gh pr edit (label modification), and gh api (posting comments) found in SKILL.md (Phases 2 and 3).
      • Sanitization: Absent. The skill does not implement validation or escaping for the external PR content before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 03:40 AM