tribunal
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to executegitandgh(GitHub CLI) commands. These commands are used to fetch repository information and pull request data, which is appropriate for its stated purpose of performing code reviews.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external sources and interpolates it into the prompts of review sub-agents without sanitization.\n - Ingestion points: Untrusted data enters the context via
Read,Bash("gh pr diff ..."), andBash("git diff ...")inSKILL.md.\n - Boundary markers: Absent. The content is simply placed under markdown headers (e.g.,
## Content) with no delimiters or specific instructions to ignore embedded commands.\n - Capability inventory: The skill has access to file system tools (
Read,Grep,Glob), shell execution (Bash), and sub-agent orchestration (Task).\n - Sanitization: Absent. External content is passed verbatim to the
Tasktool for processing by sub-agents.
Audit Metadata