Skills
skills/a16z/jolt/ci-code-review/Gen Agent Trust Hub

ci-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from GitHub Pull Requests (diffs, descriptions, and comments). An attacker could include instructions within a PR to influence the agent's analysis or suppress security findings.\n
  • Ingestion points: PR code and metadata retrieved via 'gh api' in SKILL.md.\n
  • Boundary markers: None present. There are no delimiters or instructions to treat PR content as untrusted data.\n
  • Capability inventory: Shell execution through the 'gh' CLI and file writing to '/tmp'.\n
  • Sanitization: No sanitization of the PR content is performed prior to analysis.\n- [COMMAND_EXECUTION]: The skill executes shell commands using the GitHub CLI ('gh') to fetch PR data and post review comments. It also performs local file operations by writing JSON payloads to '/tmp'.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 02:55 PM