code-review-playbook

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection. It fetches PR metadata and code diffs from GitHub and incorporates them directly into the agent's context. A malicious actor could embed instructions within a PR to manipulate the agent's review logic or tool usage.
  • Ingestion points: PR title, body, comments, and diff content retrieved via gh pr view and gh pr diff commands in scripts/review-pr.md.
  • Boundary markers: Absent. The data is placed under generic markdown headers without delimiters or specific "ignore embedded instructions" warnings.
  • Capability inventory: The agent has access to the Bash, Read, and Grep tools, which gives a successful injection a significant capability set to work with (arbitrary shell commands and file reads in the review environment).
  • Sanitization: Absent. No filtering or escaping is applied to the content received from the GitHub API before it is processed.
  • [COMMAND_EXECUTION] (LOW): The skill relies on shell command execution via the gh CLI and various linters (e.g., ruff, eslint, biome). While these are legitimate functions of the skill, if prompt injection succeeds they become the path by which attacker-influenced logic is executed.
  • [EXTERNAL_DOWNLOADS] (LOW): The scripts/run-lint-check.sh script and rules/linting-biome-setup.md recommend or use npx to execute tools like eslint and biome. This involves fetching and executing code from the npm registry at runtime, which introduces a supply chain dependency risk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 09:54 PM