review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs project-specific scripts including npm run type-check, npm run lint, and npm run test. This behavior executes code defined in the target repository's configuration files.
- [COMMAND_EXECUTION]: The skill uses bash for logic and the GitHub CLI (gh) for remote repository interactions such as viewing diffs and posting comments.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection (Category 8) because it ingests untrusted PR metadata and code changes.
  - Ingestion points: PR titles, bodies, and diffs via gh pr view and gh pr diff.
  - Boundary markers: No specific delimiters are used to isolate PR content from agent instructions.
  - Capability inventory: Ability to execute shell commands, run tests, and post GitHub comments.
  - Sanitization: No sanitization is performed on ingested PR data.
- [DATA_EXFILTRATION]: The skill accesses project configuration and source code, which may contain sensitive context or logic.