code-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various command-line tools to perform its tasks, including git, gh (GitHub CLI), and glab (GitLab CLI). These are used to identify repository remotes, fetch change metadata, and submit review findings. It also runs local Python scripts from the github, gitlab, and gerrit skill directories to verify authentication and fetch change details.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection via the untrusted data it processes during reviews.
  - Ingestion points: Potentially malicious instructions could be embedded in PR/MR titles, descriptions, comments, or the source code diffs retrieved via "gh pr diff" or "glab mr diff". The "remember" command also ingests data from external URLs.
  - Boundary markers: The workflow does not specify the use of delimiters or 'ignore' instructions when presenting fetched external content to the agent, increasing the risk of the agent following instructions embedded in the code or metadata.
  - Capability inventory: The skill has the ability to execute shell commands and perform write operations, such as posting comments or approving changes on external platforms.
  - Sanitization: No sanitization or validation of the external content is performed before it is added to the model's context.
Audit Metadata