gemini-review-loop

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external data from pull request comments and review threads to determine its next actions and code modifications.
      • Ingestion points: SKILL.md (Step 2 and Step 4) uses gh pr view <PR> --comments and gh pr view --json comments,reviews to fetch data from the pull request context.
      • Boundary markers: Absent. There are no instructions to the model to ignore or delimit instructions found within the fetched comments.
      • Capability inventory: The skill has significant capabilities, including executing shell commands via gh and git, running local bash scripts, and committing/pushing code changes.
      • Sanitization: Absent. The agent is instructed to "Classify Gemini feedback" and apply suggested implementations directly to the codebase without specific sanitization or validation of the comment source.
  • [COMMAND_EXECUTION]: Local Script Execution. The skill executes shell scripts located at absolute paths in a user's home directory (/home/andrea/.agents/skills/github-pr-agent-workflows/scripts/). This creates a dependency on a specific local environment and executes arbitrary logic contained in those scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 12:12 PM
Security Audit — agent-trust-hub — gemini-review-loop