review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill utilizes the official
ghCLI to interact with GitHub, a well-known service, for fetching PR data and posting comments. These actions are aligned with the skill's primary purpose and do not constitute unauthorized exfiltration. - [PROMPT_INJECTION]: The skill processes external data from PR diffs and comments, creating a potential surface for indirect prompt injection. This is mitigated through structured sub-agent prompts and clear boundary instructions.
- Ingestion points: Data retrieved via
gh pr diff,gh pr view, and local source file reads. - Boundary markers: The sub-agent is explicitly instructed to 'Review ONLY the changes in this PR diff' in github-pr-workflow.md.
- Capability inventory: Includes reading local files and writing to GitHub via
gh pr commentin github-pr-workflow.md. - Sanitization: The skill uses shell heredocs in github-pr-workflow.md to wrap external strings, preventing command injection when calling the GitHub CLI.
- [COMMAND_EXECUTION]: Employs standard
gitandghcommands to perform its core functions. These operations are expected for a development tool and follow safe implementation practices.
Audit Metadata