review-gitcode-pr

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Python scripts to orchestrate interactions with the local repository and the GitCode platform.
      • Evidence: The collect_pr_context.py and prepare_review_submission.py scripts call the git and oh-gc binaries using the subprocess.run function.
      • Risk: Standard automation behavior; however, the risk is minimized by passing arguments as lists rather than shell strings, preventing shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes data provided by external users in the context of a pull request.
      • Ingestion points: Pull request titles, descriptions, and comments are fetched via oh-gc and saved to pr-view.json and pr-comments.json, which the agent is then instructed to read.
      • Boundary markers: The skill's instructions (SKILL.md) do not establish clear delimiters or provide instructions to the agent to disregard commands embedded within the fetched PR content.
      • Capability inventory: The skill enables the agent to read local source files and use the oh-gc tool to post comments or approve pull requests based on the processed data.
      • Sanitization: The scripts do not perform sanitization or filtering of the remote content before it is ingested into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 06:02 PM