receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- Prompt Injection (LOW): The skill utilizes behavioral constraints (e.g., 'NEVER: You're absolutely right!', 'Forbidden Responses') to override the agent's default conversational guidelines and persona. These function as instructions to suppress standard AI safety or politeness filters.
- Indirect Prompt Injection (LOW): The skill is designed to process 'External Feedback,' which is an untrusted data source.
  1. Ingestion points: GitHub review comments (accessed via gh api).
  2. Boundary markers: Absent; the skill relies on behavioral skepticism rather than technical delimiters.
  3. Capability inventory: Filesystem access (grep), code modification, and GitHub API interaction.
  4. Sanitization: Absent.
- Command Execution (SAFE): The skill instructs the agent to use grep and the GitHub CLI (gh api) for verification and communication. These tools are used within their intended development context and do not incorporate unvalidated remote payloads.
Audit Metadata