code-reviewer
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill's YAML metadata claims the author is 'google-gemini', while the actual author is 'wyc7758775'. This is deceptive metadata that could lead users to trust the skill based on a false affiliation with a well-known organization.
- [COMMAND_EXECUTION]: The workflow includes the execution of 'npm run preflight'. This command triggers arbitrary scripts defined in the local 'package.json' file. If a user is prompted to review a malicious Pull Request, the preflight check could execute dangerous code on the user's system.
- [EXTERNAL_DOWNLOADS]: The skill uses the GitHub CLI ('gh pr checkout') to download external code. While GitHub is a well-known service, the skill specifically instructs the agent to fetch and potentially execute scripts from untrusted remote PRs.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  - Ingestion points: The agent reads untrusted data from 'git diff', 'git diff --staged', PR descriptions, and existing PR comments.
  - Boundary markers: No delimiters or isolation instructions are provided to prevent the agent from following commands embedded within the code or descriptions it processes.
  - Capability inventory: The agent has access to powerful CLI tools including 'npm', 'git', and 'gh' which can modify the file system and execute code.
  - Sanitization: There is no evidence of sanitization or filtering of the content extracted from the PRs before it is analyzed by the agent.