code-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
gh pr checkoutto switch branches andnpm run preflightto execute project-defined verification scripts. These commands are executed as subprocesses and rely on the integrity of the local environment and the project's configuration files.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources (GitHub PRs) and local files (diffs).\n - Ingestion points: Pull Request descriptions and comments fetched from GitHub, as well as code diffs from the local repository.\n
- Boundary markers: There are no explicit delimiters or system instructions to the agent to treat the code/PR content as data only and ignore any instructions found within it.\n
- Capability inventory: The skill can execute shell commands (
npm,gh,git) which could be targeted by injected instructions.\n - Sanitization: No sanitization or filtering of the ingested content is performed before the agent analyzes it.
Audit Metadata