Skills
skills/arinhubcom/arinhub-dev-skills/ah-submit-code-review/Gen Agent Trust Hub

ah-submit-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks identified. The skill implements functional automation using standard developer tools.- [PROMPT_INJECTION]: The skill processes untrusted data from GitHub PRs and external review files, creating a surface for indirect prompt injection.
  • Ingestion points: PR titles and bodies fetched via gh pr view, and content from local review files.
  • Boundary markers: External content is interpolated into the review format without explicit boundary markers.
  • Capability inventory: The skill uses gh api to post comments and update PR states (REQUEST_CHANGES/APPROVE).
  • Sanitization: The implementation uses quoted heredocs (<<'EOF') when piping JSON payloads to the gh command, which prevents shell interpolation of potentially malicious injected content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:35 AM