code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its ingestion of pull request comment data.
  * Ingestion points: SKILL.md fetches reviewer feedback using 'gh api repos/$GITHUB_REPOSITORY/pulls//comments'.
  * Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded in comment bodies.
  * Capability inventory: The agent has the ability to read/edit files and execute 'git push', which could be abused if malicious instructions are followed.
  * Sanitization: No sanitization of the comment text is performed before the agent processes it to understand requested changes.
- COMMAND_EXECUTION (SAFE): The skill utilizes standard 'gh' and 'git' commands which are necessary for its primary purpose of managing pull requests. These commands are used within the scope of the target repository.
Audit Metadata