code-review-master

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local bash script scripts/pr-diff.sh that utilizes gh (GitHub CLI) and jq to retrieve pull request information and code diffs from external repositories.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection from processed data.
      • Ingestion points: Untrusted data enters the agent context through the scripts/pr-diff.sh script, which fetches pull request titles, bodies, and source code diffs.
      • Boundary markers: While the script wraps retrieved content in Markdown code blocks, there are no specific instructions to the AI model to ignore embedded natural language commands within the processed data.
      • Capability inventory: The skill conducts security and logic analysis based on the ingested content. It does not possess direct file-write or network-send capabilities beyond the read-only fetch operations.
      • Sanitization: The script uses jq to ensure structural data integrity for JSON output, but it does not perform filtering or sanitization of natural language instructions present in the ingested content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 03:37 PM