receiving-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Risk of indirect prompt injection when processing untrusted external feedback.
      • Ingestion points: Processes suggestions from external reviewers and GitHub PR comment threads as outlined in SKILL.md.
      • Boundary markers: Lacks technical delimiters for external data, relying on a procedural 'READ-UNDERSTAND-VERIFY' logic.
      • Capability inventory: Utilizes grep for codebase analysis and gh api for GitHub interactions.
      • Sanitization: Mandatory instructions to check feedback against 'codebase reality' and push back on technically incorrect suggestions.
  • [COMMAND_EXECUTION]: Employs CLI tools for development workflow tasks.
      • Evidence: Uses grep for YAGNI checks and gh api for replying to GitHub Pull Request comments.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 04:19 AM