review-changes
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it is designed to ingest and follow the 'intent' of untrusted data such as pull request descriptions, commit messages, and linked issues. An attacker could embed instructions within these fields to manipulate the agent's review findings or verdict.
  - Ingestion points: SKILL.md (Step 1: 'Read the PR description, commit messages, and any linked issues').
  - Boundary markers: Absent; no delimiters are used to separate instructions from analyzed content.
  - Capability inventory: The skill generates detailed code review reports and is designed to interact with GitHub review threads.
  - Sanitization: No explicit sanitization or validation of the untrusted input is performed before processing.
Audit Metadata