github-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses standard CLI tools (git, gh) and the official GitHub API to perform its functions. The retrieval of credentials from local files like ~/.git-credentials and ~/.hermes/.env is a documented setup step for authentication with the well-known service GitHub.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from git diffs and Pull Request content.
      • Ingestion points: Untrusted data enters the context through git diff output, gh pr view responses, and Pull Request metadata fetched via the GitHub API in SKILL.md.
      • Boundary markers: The skill does not implement specific delimiters or instructions to ignore embedded commands within the code diffs or PR descriptions.
      • Capability inventory: The agent has the capability to write to the repository environment via git checkout and perform network writes to the GitHub API via curl and gh to post comments or approve PRs.
      • Sanitization: No explicit sanitization or escaping of external PR content is performed before the agent processes the information for its review.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 07:07 AM