Skills
skills/zbruhnke/claude-code-starter/review-mr/Gen Agent Trust Hub

review-mr

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (SAFE): The skill uses the Bash tool to execute standard git commands (git diff, git log, git symbolic-ref) and the GitHub CLI (gh pr view). These operations are necessary for the skill's stated purpose of reviewing code changes.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it ingests untrusted data from external codebases. \n
  • Ingestion points: The skill reads content from git diff, git log, and potentially files via Read, Grep, and Glob tools. \n
  • Boundary markers: Absent. The instructions do not define delimiters to separate the untrusted code content from the system instructions. \n
  • Capability inventory: The skill has access to the Bash tool, which could be exploited if an attacker embeds malicious instructions within code comments or commit messages that the agent then interprets as commands. \n
  • Sanitization: Absent. There is no logic to sanitize or filter the content of the diffs before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:41 PM