code-review
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes code from external sources (git diffs and pull requests). This is a characteristic of the code review domain rather than a flaw in the skill.
- [COMMAND_EXECUTION]: The skill utilizes standard command-line tools, specifically git and the GitHub CLI (gh), to fetch repository data. These tools are well-known, and their usage here is strictly limited to the skill's primary purpose of reviewing code changes.
- [PROMPT_INJECTION]: The use of the $ARGUMENTS variable to steer subagent reviews introduces a potential for direct prompt injection, where a user could provide guidance that overrides the agent's internal logic. This is a common pattern for user-directed agents and is considered acceptable within this context.
Audit Metadata