receiving-code-review
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external feedback from reviewers, which presents an indirect prompt injection surface. The skill includes defensive instructions to verify and evaluate feedback technically before taking action.
  - Ingestion points: Review comments from CodeRabbit, GitHub, and human reviewers (SKILL.md).
  - Boundary markers: The skill establishes a logic-based 'Routing Boundary' and 'The Response Pattern' to process input, but does not use specific structural delimiters (e.g., XML tags) for the content itself.
  - Capability inventory: Reading codebase ('grep'), interacting with GitHub API ('gh'), and code modification (SKILL.md).
  - Sanitization: Employs a 'verify-before-implement' procedural check and technical reasoning to filter and validate external suggestions.
- [COMMAND_EXECUTION]: Instructs the agent on using standard CLI tools for development tasks, including using the GitHub CLI to reply to comment threads and grep for codebase analysis.
  - Evidence: Reference to 'gh api repos/{owner}/{repo}/pulls/{pr}/comments/{id}/replies' and 'grep codebase for actual usage' in SKILL.md.
Audit Metadata