wf4-review
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands 'git diff' and 'gh pr view' to retrieve implementation details and pull request statuses for review purposes.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Ingestion points: Untrusted data is ingested via 'git diff' output and pull request metadata from 'gh pr view'. Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the processed data. Capability inventory: The skill can execute shell commands ('git', 'gh') and write to local files such as '04_REVIEW.md' and 'state.json'. Sanitization: No input validation or sanitization is performed on the data fetched from external sources before being processed by the agent.
Audit Metadata