Skills
NYC
skills/thebushidocollective/han/code-review/Gen Agent Trust Hub

code-review

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill explicitly references and utilizes an external capability code-reviewer from the bushido organization. As bushido is not on the list of verified trusted sources, the behavior and safety of this dependency cannot be confirmed during analysis.
  • [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes content that can be modified by an attacker in a pull request.
  • Ingestion points: The skill reads pull request summaries, diffs, code comments, and repository-level CLAUDE.md files using gh pr view, gh pr diff, and git (Steps 2, 3, and 4).
  • Boundary markers: Absent. The instructions for the sub-agents do not include delimiters or warnings to ignore instructions embedded within the ingested code or PR data.
  • Capability inventory: The skill possesses the capability to post comments to GitHub using gh pr comment (Step 8).
  • Sanitization: Absent. The ingested data is used to formulate the final review output without any evident filtering or sanitization steps.
  • [COMMAND_EXECUTION] (SAFE): The skill performs shell operations using the GitHub CLI (gh) and git. These tools are appropriately restricted to specific subcommands in the allowed-tools configuration, adhering to the principle of least privilege.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 11:22 PM