learn-from-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the GitHub CLI (gh) and curl to programmatically fetch repository metadata and review comments.
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection as it processes untrusted data from external PR comments. * Ingestion points: Fetches PR review comments and reviews via gh api in SKILL.md. * Boundary markers: No explicit delimiters or system instructions are used to separate untrusted comment content from the generation prompt. * Capability inventory: The skill can write files to .openhands/skills/ and AGENTS.md, and it can open new pull requests. * Sanitization: Step 3 in SKILL.md filters for noise and length but does not perform security sanitization against malicious instructions embedded in the comments.
Audit Metadata