receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the GitHub CLI (gh api) to reply to pull request comments. This is a standard and legitimate use of the tool for the skill's purpose.
- [PROMPT_INJECTION]: The skill involves processing external feedback, which is a potential surface for indirect prompt injection. However, the instructions are explicitly designed to mitigate this by mandating technical verification and skepticism.
  - Ingestion points: External reviewer feedback strings in SKILL.md.
  - Boundary markers: Not explicitly provided for the input data.
  - Capability inventory: The agent can modify files and use the GitHub CLI.
  - Sanitization: No programmatic sanitization; instead, the skill relies on the AI's internal technical evaluation and 'YAGNI' checks.
Audit Metadata