personal-commit-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the GitHub CLI ('gh') through 'subprocess.run' calls to execute authenticated commands, including 'gh api' for GraphQL/REST queries and 'gh repo view' for repository metadata collection.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it relies on untrusted external data from GitHub.
  - Ingestion points: The 'collect_commit_review.py' script and 'gh api' commands fetch commit messages, repository descriptions, and documentation (READMEs), which are attacker-controlled if the repository is public or has external contributors.
  - Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish its own logic from the content of the retrieved GitHub data.
  - Capability inventory: The skill can execute CLI commands and write output to the local filesystem.
  - Sanitization: The skill does not sanitize, filter, or validate the commit data before it is integrated into the narrative review.
Audit Metadata