help-me-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it directs the agent to ingest and analyze untrusted content from external diffs and source files.
- Ingestion points: The agent reads from raw.diff and individual hunk files in the .review/blocks directory as instructed in the workflow.
- Boundary markers: There are no explicit instructions or delimiters provided to the agent to help it ignore potentially malicious instructions embedded within the analyzed code.
- Capability inventory: The agent can execute git commands and Node.js scripts, which are used to manipulate the diff data.
- Sanitization: No sanitization or filtering is performed on the diff hunks or source code before the agent processes them.
- [COMMAND_EXECUTION]: The skill workflow involves executing command-line tools like git diff and gh pr diff, as well as Node.js scripts provided within the skill package. These are standard operations for generating and processing code reviews.
Audit Metadata