review-pr
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted code from pull requests or branch diffs, which exposes it to indirect prompt injection where hidden instructions in the code could manipulate the agent's output.
- Ingestion points: The skill reads file contents and git diffs as specified in the workflow steps in SKILL.md.
- Boundary markers: There are no explicit delimiters or warnings to the agent to ignore embedded instructions within the code being reviewed.
- Capability inventory: The skill uses graph querying, semantic search, and documentation tools; it does not have tools for arbitrary command execution or external network requests.
- Sanitization: The skill does not perform any sanitization, validation, or escaping of the code content before processing it.
Audit Metadata