go-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected where the skill processes untrusted PR diff data. This could allow an attacker to embed instructions in code to influence the agent's review.
    • Ingestion points: 'gh pr diff' in SKILL.md and reading of full project files.
    • Boundary markers: Absent; instructions do not contain specific delimiters or warnings to ignore code-embedded instructions.
    • Capability inventory: Limited to code review analysis and reporting; no high-risk capabilities like file system writes or arbitrary execution are triggered by the data content.
    • Sanitization: Absent; the skill reads raw diff and file content directly.
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI ('gh') to retrieve pull request data. This is a legitimate use of a well-known tool for the skill's primary intended function.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 04:44 AM