team-review
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
gitandgh(GitHub CLI) to retrieve code diffs, commit histories, and pull request metadata. These operations are necessary for performing code reviews and are constrained to standard read-only or informational flags (e.g.,git diff,gh pr view). No arbitrary or dangerous command execution was detected. - [PROMPT_INJECTION]: The skill ingests untrusted data from external sources such as pull request bodies, issue comments, and file contents. This creates a surface for indirect prompt injection where an attacker could embed instructions in code comments or PR descriptions to influence subagent behavior.
- Ingestion points: PR diffs (
gh pr diff), issue views (gh issue view), and local file reading. - Boundary markers: None explicitly defined in the instructions.
- Capability inventory: Subagent spawning (
Tasktool), file reading, and repository metadata retrieval. - Sanitization: No specific sanitization or filtering of input data is mentioned. Given the analytical nature of the skill, this is a known risk factor but is handled as a low-severity finding consistent with the skill's primary function.
- [DATA_EXFILTRATION]: The skill accesses repository data and local files to perform its review. While it processes sensitive codebase information, there are no network-based exfiltration patterns or requests to non-whitelisted domains. Data is processed locally and findings are consolidated within the agent's context.
Audit Metadata