gemini-review
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses local shell scripts and standard utilities (gh, jq) to interact with the GitHub API. No suspicious network activity, data exfiltration, or obfuscation was found.
- [PROMPT_INJECTION]: The skill processes external PR data, which serves as a surface for indirect prompt injection. This risk is managed through explicit verification steps and structured data parsing. \n
- Ingestion points: PR comments and review bodies (SKILL.md, Step 2 and 4). \n
- Boundary markers: Instructions to 'Scrutinize each Gemini comment before acting' and 'Apply Gemini suggestions only after confirming they are correct'. \n
- Capability inventory: Git status, branch, push, and local file patching (SKILL.md, Step 5). \n
- Sanitization: Structured JSON parsing via jq in all helper scripts.
Audit Metadata