review-feedback

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the gh api command for responding to GitHub pull request comments. This is a legitimate use of the official GitHub CLI to perform its intended function of managing repository communication.
  • [PROMPT_INJECTION]: The skill primarily consists of behavioral instructions that direct the agent to resist social pressure in reviews (e.g., forbidding phrases like 'You're absolutely right!'). These are defensive constraints intended to ensure technical rigor and do not constitute a security risk.
  • [PROMPT_INJECTION]: The skill manages a surface for indirect prompt injection as it processes feedback from external reviewers.
      * Ingestion points: External code review comments identified in the SKILL.md 'Source-Specific Handling' section.
      * Boundary markers: None explicitly defined for input comments.
      * Capability inventory: Interaction with the GitHub API via CLI and modification of the local codebase.
      * Sanitization: The skill mandates a technical verification protocol ('Verify before implementing') and YAGNI (You Ain't Gonna Need It) checks, which act as a logical sanitization layer against potentially malicious or incorrect external suggestions.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 12, 2026, 10:34 PM