receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill establishes a workflow for processing external code review feedback, which creates an attack surface for instructions embedded in peer reviews.
- Ingestion points: External feedback from reviewers and GitHub Pull Request comments fetched via API.
- Boundary markers: The skill explicitly instructs the agent to 'Verify before implementing' and 'Technically evaluate' inputs, providing a logical boundary to prevent blind obedience.
- Capability inventory: The skill allows the agent to read codebase contents (grep), reply to GitHub threads (gh api), and implement code changes.
- Sanitization: No technical sanitization of the feedback text is specified beyond the instructional requirement for the agent to verify the technical correctness of suggestions.
Audit Metadata