review-ui

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the claude-review utility directly from the author's GitHub repository (github.com/vrppaul/claude-review) using the uv tool manager. This is a vendor-owned resource.
  • [COMMAND_EXECUTION]: Executes the claude-review CLI tool to review git diffs, project plans, and session transcripts. The skill accesses the application's session logs located at ~/.claude/projects/ to facilitate transcript reviews.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data (git diffs, plans, transcripts) and instructs the agent to act on reviewer comments without validation.
    • Ingestion points: Reviewer comments are provided via the claude-review tool's stdout as described in SKILL.md.
    • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used to isolate the tool output.
    • Capability inventory: In SKILL.md, the agent is instructed to "address each comment by making the requested changes," which implies the use of file-writing and editing capabilities.
    • Sanitization: No sanitization or validation of the reviewer comments is performed before the agent is instructed to implement the changes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 09:07 PM