receiving-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected in the skill instructions.
- [PROMPT_INJECTION]: The skill deals with processing external data (code review feedback from humans or external reviewers), which represents a potential surface for indirect prompt injection. However, the instructions serve as a security mitigation by explicitly mandating skepticism and technical verification before any implementation.
- Ingestion points: GitHub PR comments accessed via
gh api(SKILL.md). - Boundary markers: None specified.
- Capability inventory: Shell access for
grep, GitHub API access for PR interaction, and file system modification capabilities (SKILL.md). - Sanitization: No technical sanitization is mentioned, but behavioral rules require validating all suggestions against the codebase reality.
Audit Metadata