code-review
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes system commands including `gh pr view`, `gh pr diff`, `git diff`, and `php vendor/bin/pint`. While these are functional requirements for code analysis and formatting, they represent a potential attack surface if inputs are manipulated.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external sources (Pull Request diffs and file contents) that are not under the direct control of the agent.
  - Ingestion points: Data enters the context via `gh pr diff` and file read operations in `SKILL.md`.
  - Boundary markers: None detected; the skill lacks explicit delimiters or instructions to treat external code as data rather than instructions.
  - Capability inventory: The skill can read/write files and execute shell commands (`git`, `gh`, `php`).
  - Sanitization: No evidence of sanitization or escaping of the ingested code content before it is processed by the AI.
Audit Metadata