local-review

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git and gh (GitHub CLI) commands to fetch pull request metadata, analyze code diffs, and post review comments to the GitHub API. These are legitimate operations within the scope of a code review tool and target a well-known service (GitHub).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from the repository being reviewed.
      • Ingestion points: Data enters the agent's context through git diff, gh pr diff, and the content of repository files such as source code and CLAUDE.md configuration files.
      • Boundary markers: The skill lacks explicit delimiters or instructions to treat the ingested codebase content strictly as data rather than instructions.
      • Capability inventory: The agent has the capability to read local files, execute git/gh commands, and post messages to the GitHub API via the gh tool.
      • Sanitization: There is no evidence of sanitization or filtering of the repository content before it is processed by the AI for the code review task.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 08:38 PM