address-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it incorporates untrusted data from GitHub pull request comments and review documents into its decision-making process.
  1. Ingestion points: Pull request comments and review threads fetched via the GitHub GraphQL/REST APIs, as well as local repository files.
  2. Boundary markers: Absent; there are no explicit delimiters used to separate external feedback from the agent's internal instructions.
  3. Capability inventory: The skill has the ability to read and write files and execute authenticated POST and mutation requests via the GitHub CLI.
  4. Sanitization: No sanitization or filtering is applied to the feedback content before it is processed or presented to the user.
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI ('gh api') to interact with the GitHub platform. While these commands are necessary for the skill's functionality, they run with the user's permissions and could be manipulated to perform unauthorized actions if the agent is misled by malicious input from a PR comment.
Audit Metadata