receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes feedback from external sources, which creates a potential surface for indirect prompt injection. * Ingestion points: Code review feedback from external reviewers. * Boundary markers: The skill does not specify markers to separate untrusted feedback from its instructions. * Capability inventory: Includes the use of grep for searching and the GitHub CLI (gh api) for communication. * Sanitization: Input sanitization for review text is not described.
- [COMMAND_EXECUTION]: The skill utilizes command-line tools such as grep and gh. These are used for the skill's primary tasks but provide a functional surface for the agent to interact with its environment.
Audit Metadata