jstar-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the jstar-reviewer package from npm, which is the primary tool for its functionality.
- [COMMAND_EXECUTION]: It uses CLI commands like jstar setup and jstar review to manage the review workflow within the user's repository.
- [CREDENTIALS_UNSAFE]: The skill documentation guides users to store sensitive Gemini and Groq API keys in local environment files.
- [PROMPT_INJECTION]: The skill handles an indirect prompt injection surface as it ingests untrusted code and PR data. 1. Ingestion points: Reads source code and git metadata (SKILL.md). 2. Boundary markers: No explicit delimiters are specified to prevent instruction injection. 3. Capability inventory: Executes CLI tools with access to the local environment and LLM APIs (SKILL.md). 4. Sanitization: No sanitization of code content is defined.
Audit Metadata