deep-review
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it ingests and processes untrusted data from Pull Request diffs and repository documentation.
  - Ingestion points: Untrusted data enters the agent context via `gh pr view`, `gh pr diff`, and documentation files found in `docs/` (SKILL.md).
  - Boundary markers: The skill includes explicit instructions to isolate the Spec Conformance reviewer from commit messages and rationale sections to prevent developer-induced bias.
  - Capability inventory: The skill uses `gh` (GitHub CLI) for metadata/diff retrieval and dispatches sub-agents for analysis. No code execution or sensitive file write operations are performed on the ingested data.
  - Sanitization: The skill produces a synthetic report rather than executing code derived from the PR content, significantly mitigating the impact of any potential injection.
- [COMMAND_EXECUTION]: The skill uses `gh` and `git` commands (e.g., `gh pr view`, `gh pr diff`) which are legitimate and necessary for its primary function as a PR reviewer. No arbitrary command injection patterns or unsafe usage of user arguments were detected.
Audit Metadata