forge-reflect-pr
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting untrusted codebase content.
- Ingestion points: Reads changed files and git diff output (SKILL.md).
- Boundary markers: Absent; no specific instructions to ignore embedded commands in the files being reviewed.
- Capability inventory: Can read/write files and execute bash commands and the GitHub CLI (SKILL.md).
- Sanitization: Absent; content from the repository is processed directly by the agent without escaping or filtering.
Audit Metadata