code-review
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill integrates with 'vercel-react-best-practices' and uses the 'anthropics/claude-code-action' for CI workflows. These are trusted organizations (Vercel Labs and Anthropic), and the references are documented neutrally.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and analyzes external, untrusted data from Pull Requests. An attacker could attempt to include malicious instructions within a PR to manipulate the agent's review logic or its use of GitHub commands.
  - Ingestion points: Data is ingested through 'gh pr view' and 'gh pr diff' which retrieve untrusted content from the repository.
  - Boundary markers: There are no explicit delimiters or specific 'ignore' instructions provided to separate the PR content from the agent's operational instructions.
  - Capability inventory: The agent has write access to the GitHub API, enabling it to post reviews ('gh pr review') and comments ('gh api') based on its analysis.
  - Sanitization: The skill does not demonstrate specific sanitization or filtering of the ingested PR content before it is processed by the model.
- [COMMAND_EXECUTION]: The skill executes multiple 'gh' and 'git' commands via the 'Bash' tool to fetch PR information, check commit hashes, and post results. These are standard operations for the skill's intended purpose of code review.
Audit Metadata