code-review
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted content from pull requests (diffs, code comments, and project guidelines) and uses this data to generate feedback posted back to GitHub.
- Ingestion points: The skill reads external data via `gh pr diff`, `gh pr view`, and file contents (including `CLAUDE.md` and source code comments) across steps 2, 3, 4, and 5.
- Boundary markers: The instructions do not specify explicit delimiters or 'ignore' instructions when interpolating PR data into sub-agent prompts.
- Capability inventory: The skill possesses the ability to execute `gh` bash commands, specifically `gh pr comment`, allowing it to write to external repositories.
- Sanitization: While no explicit string sanitization is mentioned, the multi-agent 'confidence-based scoring' system (Step 5) serves as a logical filter that requires high confidence (score ≥ 80) before an issue is included in the final output, significantly mitigating the risk of processing malicious instructions embedded in the code.
Audit Metadata