comprehensive-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary purpose is to ingest and analyze untrusted data (code diffs and file contents). This creates a surface for indirect prompt injection where an attacker could place malicious instructions in code comments or strings to manipulate the agent's review results.
  - Ingestion points: The skill uses `git diff` and the `Read` tool to ingest file contents into the agent context for review.
  - Boundary markers (Absent): The skill does not define specific delimiters or instructions to the agent to ignore embedded instructions within the code it reviews.
  - Capability inventory: The agent has access to `mcp__github__*` tools to post issue comments and manipulate PRs, and shell access for `git` and `gh` CLI commands.
  - Sanitization (Present): The skill uses a quoted heredoc pattern (`<<'EOF'`) when constructing the shell command for `gh issue comment`. This is a strong security practice that prevents the content of the review artifact from being interpreted as code or subshells by the local shell environment.
- Command Execution (SAFE): The skill uses standard local tools (`git`, `grep`, `gh`) to perform its tasks. The shell command templates provided in the instructions use best practices to avoid shell injection when handling dynamically generated text.