Skills
skills/openhands/extensions/learn-from-code-review/Gen Agent Trust Hub

learn-from-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes gh (GitHub CLI) commands to retrieve repository information and list pull requests. This is a standard operation for the skill's intended purpose.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with GitHub's official API (api.github.com) to download pull request comments and review data. This is a legitimate use of a well-known service.
  • [PROMPT_INJECTION]: The skill processes untrusted input from pull request comments, creating a surface for indirect prompt injection.
  • Ingestion points: External comments and reviews are retrieved from the GitHub API in SKILL.md (Step 2).
  • Boundary markers: There are no explicit delimiters or instructions to treat comment text as untrusted data during the distillation phase.
  • Capability inventory: The skill can write files to the local filesystem (creating new skills) and create pull requests using the create_pr tool.
  • Sanitization: The workflow filters for bots and short strings but does not specifically sanitize the content of comments for malicious instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 02:37 AM