code-review
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to view pull requests, fetch diffs, list issues, and post comments. These actions are explicitly defined and restricted within the frontmatter configuration.
- [EXTERNAL_DOWNLOADS]: An installation command in the metadata retrieves the skill definition from a GitHub repository via curl.
- [PROMPT_INJECTION]: The skill processes untrusted input from pull request content and repository-specific guidance files (CLAUDE.md), representing a surface for indirect prompt injection.
  - Ingestion points: Data enters the context through gh pr view, gh pr diff, and by reading CLAUDE.md files.
  - Boundary markers: The instructions rely on natural language guidance for the agent to focus only on modified code, rather than strict technical delimiters.
  - Capability inventory: The skill is restricted to the GitHub CLI toolset for PR management.
  - Sanitization: The workflow incorporates a multi-agent verification process and a 0-100 confidence scoring threshold (requiring a score of 80+) to filter and validate findings before posting them as comments.
Audit Metadata