receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process feedback from external reviewers (untrusted data sources).
- Ingestion points: GitHub PR comments and external reviewer feedback as described in
SKILL.md. - Boundary markers: Not explicitly defined as delimiters, but the skill mandates a 'Verify before implementing' mental model which serves as a cognitive boundary.
- Capability inventory: The skill uses
grepfor codebase searching andgh apifor replying to comments. - Sanitization: The skill relies on 'technical reasoning' and 'codebase reality' checks rather than automated sanitization. This is appropriate for its primary purpose of technical review.
- [Command Execution] (SAFE): Use of
grepandgh apiare mentioned for the primary purpose of the skill (verifying usage and replying to reviews). There is no evidence of arbitrary command execution or shell injection vulnerabilities.
Audit Metadata