review-receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the `grep` utility to search the local codebase. This is used to determine if a suggested feature is necessary based on existing usage, adhering to the YAGNI (You Ain't Gonna Need It) principle.
- [COMMAND_EXECUTION]: It specifies the use of the GitHub CLI (gh api) to post replies to specific pull request comments. This allows the agent to communicate technical findings and implementation status directly within the review thread.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing feedback from external reviewers. Since the agent is instructed to implement suggestions after verification, a malicious reviewer could attempt to inject instructions disguised as feedback. The skill mitigates this by instructing the agent to evaluate feedback critically and check it against the reality of the codebase.
  - Ingestion points: External feedback from human partners and third-party reviewers (SKILL.md).
  - Boundary markers: No explicit delimiters are defined to separate untrusted feedback from system instructions, although the agent is told to restate requirements.
  - Capability inventory: File system searching via `grep` and network communication via the `gh` tool (SKILL.md).
  - Sanitization: The skill does not define any automated sanitization for the feedback data.
Audit Metadata