workflows-review

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests untrusted data from GitHub Pull Requests and passes it to multiple parallel analysis agents.
      • Ingestion points: The skill fetches PR metadata (titles, bodies, comments) and file contents using gh pr view and Git commands, and passes this data into Task instructions for sub-agents.
      • Boundary markers: There are no explicit delimiters, and the sub-agents are given no instructions to ignore the PR content or treat it as untrusted data.
      • Capability inventory: The skill can write files to the local file system (via file-todos), trigger automated browser/mobile testing, and launch additional agent tasks.
      • Sanitization: The instructions do not define any sanitization or validation logic for the external data before it is processed by the LLM.
  • [COMMAND_EXECUTION]: The skill uses system-level CLI tools to manage the repository and fetch review metadata.
      • Evidence: Uses gh pr view, gh pr checkout, and git-worktree to prepare the codebase for review.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:21 AM