krt-review-herald
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill includes explicit guardrails to prevent mutating remote state (pushing, requesting reviews, or resolving threads) without approval, adhering to the principle of least privilege.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data in the form of pull request comments and review feedback.
  - Ingestion points: Data enters the agent context via GitHub PR URLs/numbers, pasted comments, and local review docs as described in SKILL.md.
  - Boundary markers: There are no explicit delimiters or boundary markers specified for separating the untrusted PR content from the system instructions.
  - Capability inventory: The skill is capable of reading repository state using gh and modifying local files to implement fixes. It is explicitly restricted from performing remote network operations or state mutations without user confirmation.
  - Sanitization: No specific sanitization or validation of the ingested external content is mentioned.
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) for gathering review context. This is a standard and expected tool for the skill's primary purpose of PR management.
Audit Metadata