skills/inkeep/team-skills/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface (Category 8).
      • Ingestion points: Untrusted PR reviews, inline comments, and discussion threads are fetched from GitHub via scripts/fetch-pr-feedback.sh.
      • Boundary markers: The prompt instructions contain no explicit markers delimiting external feedback and no instruction to disregard commands embedded in that feedback.
      • Capability inventory: The agent can execute shell commands, modify source files, and interact with the gh and git CLIs.
      • Sanitization: No sanitization is performed on the incoming PR feedback before the agent analyzes it.
  • [COMMAND_EXECUTION]: The skill executes local scripts and command-line utilities.
      • Evidence: Bundled scripts scripts/fetch-pr-feedback.sh and scripts/investigate-ci-failures.sh are invoked to interact with GitHub.
      • Evidence: The skill executes developer tools including gh, git, and pnpm.
      • Evidence: The skill accepts a user-provided --test-cmd argument, which is executed in the local environment; this is a flexible but direct command execution path.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 4, 2026, 08:52 AM