gh-process-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill's functionality is centralized in a shell script (review.sh) located within the skill directory. While the script is a component of the skill, execution of shell scripts involves inherent risks. The skill also performs git operations like commit and push.
  • [PROMPT_INJECTION] (LOW): This skill exhibits a surface for Indirect Prompt Injection (Category 8) as it processes review comments from GitHub. Evidence Chain:
    1. Ingestion points: Data is fetched from GitHub via review.sh fetch and read via review.sh get.
    2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions within comments.
    3. Capability inventory: The agent has the ability to write to the file system, execute shell commands via the skill's script, and perform git commits/pushes.
    4. Sanitization: Absent; no mention of sanitizing or escaping the retrieved comment content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:50 PM