receiving-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes instructions for using the GitHub CLI (gh api) to programmatically reply to pull request comments on GitHub.
  • [PROMPT_INJECTION]: The skill defines a specific behavioral signal ("Strange things are afoot at the Circle K") for the agent to communicate architecture-related conflicts or discomfort in specific contexts.
  • [PROMPT_INJECTION]: The skill processes external code review feedback from pull requests, representing a surface for indirect prompt injection.
      ◦ Ingestion points: Pull request comments and external reviewer feedback ingested through the receiving-code-review workflow in SKILL.md.
      ◦ Boundary markers: None explicitly defined to delimit untrusted feedback from internal instructions.
      ◦ Capability inventory: Ability to perform file searches via grep and interact with the GitHub API via gh api.
      ◦ Sanitization: No explicit data sanitization or input validation mentioned; however, the skill mandates manual technical verification of all suggestions before implementation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 06:01 AM