codereview-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests untrusted external data in the form of GitHub Pull Request descriptions and code diffs via the Phase 1 retrieval skill. Maliciously crafted content within a PR could attempt to influence the coordinator's triage logic or deceive the specialist skills it invokes. Evidence: Ingestion points include 'retrieve-diff-from-github-pr' in SKILL.md. There are no explicit boundary markers or sanitization protocols described to isolate untrusted content from the agent's core instructions. The capability inventory involves routing to various specialized review skills and performing final submission to the GitHub API via 'submit-github-review'.
- [EXTERNAL_DOWNLOADS]: The workflow describes fetching code data and metadata from GitHub's official API using the 'retrieve-diff-from-github-pr' skill. This interaction targets a well-known service for the skill's primary intended purpose.
Audit Metadata