receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the GitHub CLI tool via
gh apito post replies to pull request comments. It also suggests usinggrepto search the codebase for feature usage as part of a 'YAGNI' (You Ain't Gonna Need It) check. - [PROMPT_INJECTION]: The skill operates on external input in the form of code review feedback, which constitutes an indirect prompt injection surface. The instructions mitigate this risk by explicitly directing the agent to evaluate feedback for technical correctness, check for potential breakage, and verify against the codebase before implementation.
Audit Metadata