skills/pipecat-ai/pipecat/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill exclusively uses whitelisted GitHub CLI (gh) tools to perform its tasks. All operations are restricted to the intended purpose of code analysis and providing feedback on pull requests.
  • [COMMAND_EXECUTION]: The skill is authorized to execute several GitHub CLI commands (e.g., gh pr view, gh pr diff, gh pr comment) to inspect repository data and post comments. These commands run within the user's authenticated environment.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted content from pull requests and configuration files. This is a standard characteristic for automated review tools.
      • Ingestion points: The skill ingests PR titles, descriptions, diffs, and CLAUDE.md files using gh tools (Steps 1-4).
      • Boundary markers: Untrusted PR content is passed to sub-agents for analysis without explicit security delimiters or warnings.
      • Capability inventory: The skill can post automated reviews and comments to the repository using the gh toolset (Steps 7, 9).
      • Sanitization: Content is analyzed in its raw form to maintain the accuracy and depth of the code review.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 12:50 PM