copilot-review-loop

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local project scripts and Makefile targets identified as "safeguards" during the pre-flight and fixing phases.
      • Evidence: Found in SKILL.md Process steps 1 and 2d.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from processing external data sources.
      • Ingestion points: Pull Request comments from copilot[bot] and project configuration files such as CLAUDE.md, README.md, or Makefile.
      • Boundary markers: The instructions do not define delimiters or warnings to prevent the agent from following instructions embedded within the comments or project files.
      • Capability inventory: The agent has access to shell execution via the Bash tool, including gh CLI, git CLI, and local script execution.
      • Sanitization: No input validation or content filtering is performed on the ingested data.
  • [EXTERNAL_DOWNLOADS]: The skill references and recommends the installation of a third-party GitHub CLI extension (ChrisCarini/gh-copilot-review) to facilitate Copilot reviews.
      • Evidence: Documented in README.md and SKILL.md prerequisites.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 02:16 AM