Skills
skills/brave/brave-core/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes various git and gh (GitHub CLI) subcommands to analyze local branch history, diffs, and pull request metadata. These operations are essential for the skill's purpose and use the standard development tools available to the agent.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and processes untrusted data which is then used to direct the agent's analysis.
  • Ingestion points: Data is ingested from GitHub pull request bodies and comments, associated GitHub issue descriptions, and the content of modified source files.
  • Boundary markers: The instructions do not implement boundary markers or delimiters when presenting untrusted external content to the agent or its subagents.
  • Capability inventory: The agent has capabilities for command execution (Bash), file system modification (Edit), and network interaction with GitHub (gh api).
  • Sanitization: No sanitization, escaping, or validation of the ingested data is performed before it is incorporated into the prompts used for code analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 06:15 PM