code-review
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface as it processes external content from GitHub.
- Ingestion points: Pull request details, diffs, and comments are fetched from GitHub using the
ghCLI as described inSKILL.mdandresources/review-checklist.md. - Boundary markers: Explicit instructions in the 'External Content Safety' section of
SKILL.mdwarn the agent against following embedded directives in external content. - Capability inventory: The skill uses
gitfor local code analysis,ghfor GitHub API interactions (including write access for posting reviews), andnodeto execute thecapture-screenshots.jsscript. - Sanitization: The agent is explicitly instructed to treat all fetched content as untrusted and to ignore any commands or directives embedded within it.
- [COMMAND_EXECUTION]: The skill directs the agent to use standard development tools, including
gitand the GitHub CLI (gh), for repository analysis and PR management. These operations are consistent with the skill's purpose and are confined to the relevant development environment. - [EXTERNAL_DOWNLOADS]: The skill utilizes the
playwrightlibrary for automated browser-based visual validation. This involves standard browser binary downloads from a well-known service provider and is essential for the stated screenshot functionality. - [DATA_EXFILTRATION]: Data access is restricted to the code diffs and PR metadata required for the review process. The skill interacts solely with the local filesystem and the official GitHub API to post feedback as part of the intended review workflow.
Audit Metadata