receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to process and implement suggestions from external reviewers, which constitutes a surface for malicious instructions to be injected into the agent's context.
  - Ingestion points: External review comments (GitHub) as referenced in `references/source-handling-and-examples.md`.
  - Boundary markers: Absent; the skill does not instruct the agent to use delimiters or specific ignore-rules for the ingested feedback text.
  - Capability inventory: The agent is expected to write to the filesystem (implement code changes) and interact with the GitHub API via the `gh` tool.
  - Sanitization: Absent; the skill relies on behavioral skepticism rather than technical escaping or validation.
- Command Execution (SAFE): The skill provides documentation for using the `gh api` command to interact with GitHub pull request threads. This is standard tool usage for the stated purpose and does not involve risky execution patterns.
- No Code (SAFE): The skill consists entirely of Markdown instructions and contains no executable scripts, binaries, or automated installation procedures.
Audit Metadata