receiving-code-review
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides guidelines for technical skepticism and verification during code reviews. It directs the agent to prioritize technical correctness over social compliance, which is a defensive measure against incorrect or malicious suggestions.
- [COMMAND_EXECUTION]: The skill uses standard development tools like grep for codebase searches and the GitHub CLI (gh api) to respond to pull request comments. These operations are restricted to the context of a software development workflow.
- [PROMPT_INJECTION]: The skill processes untrusted input in the form of code review feedback, creating a surface for indirect prompt injection.
  - Ingestion points: Code review feedback from external reviewers and human partners entering the agent context via SKILL.md instructions.
  - Boundary markers: Absent; the instructions do not specify delimiters for the feedback content.
  - Capability inventory: The agent possesses file system search (grep), codebase modification, and repository API access capabilities.
  - Sanitization: Absent; the skill relies on the agent's technical evaluation and the mandate to "verify then implement" to mitigate risks.
Audit Metadata