code-review
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from GitHub pull requests.
- Ingestion points: The skill processes code, file paths, and potentially comments from pull requests as implied by the orchestration of code-review sub-skills in SKILL.md.
- Boundary markers: Absent. The instructions do not define clear delimiters or provide instructions to the subagents to ignore or isolate instructions embedded within the code or PR comments being reviewed.
- Capability inventory: The skill orchestrates sub-skills and interacts with the GitHub API to modify repository metadata by adding the
code-reviewedlabel. - Sanitization: Absent. There is no evidence of input validation, escaping, or sanitization of the PR content before it is processed by subagents or included in the final markdown report.
Audit Metadata