comprehensive-code-review
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The `skill-report.json` file contains a pre-populated `security_audit` section that explicitly claims the skill is safe and dismisses security findings as false positives. This is a self-referential attempt to poison metadata and influence the analyzer's judgment (Category 8e).
- [PROMPT_INJECTION]: The skill exhibits a classic indirect prompt injection vulnerability surface.
  - Ingestion points: The skill retrieves untrusted pull request descriptions, issue bodies, and code diffs via `gh pr view` and `gh pr diff` (SKILL.md).
  - Boundary markers: None; the ingested content is interpolated directly into prompts without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has permissions to post comments and reviews to GitHub (`gh pr comment`, `gh pr review`) and write files to the local `.reviews/` directory.
  - Sanitization: No sanitization or validation is performed on the ingested data before processing.
- [COMMAND_EXECUTION]: The skill relies on shell command execution via `git` and `gh`. While functional for code review, the lack of input validation on potential variables like PR numbers or branch names poses a risk.
- [REMOTE_CODE_EXECUTION]: The 'Parallel Review Mode' uses a dynamic `Task()` orchestration pattern to launch sub-agents. The prompts for these sub-agents are constructed at runtime using untrusted data from the code diffs, allowing for remote instruction execution via the sub-agent interface.
Audit Metadata