forge-review
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or unauthorized data access found. The skill operates within a defined scope for code analysis and follows security best practices.\n- [COMMAND_EXECUTION]: The skill utilizes
gitandgh(GitHub CLI) to inspect codebase state and pull request metadata. These operations are restricted by theallowed-toolspolicy in the frontmatter to specific binary patterns (git *,gh *), which are appropriate for its function.\n- [DATA_EXFILTRATION]: While the skill interacts with GitHub via theghtool, no evidence of exfiltration to third-party domains or unauthorized access to sensitive files (such as.ssh/or.envfiles) was detected. Interactions are limited to repository metadata.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to process untrusted code files. However, the risk is mitigated by explicit anti-hallucination and grounding guidelines.\n - Ingestion points: Reads code files and diffs via
Read,Grep,Glob, andgh pr diff(SKILL.md).\n - Boundary markers: Explicit boundary markers for processed code are absent, though role instructions define a strict senior developer reviewer persona.\n
- Capability inventory: The skill has access to
Write,Edit, and limitedBash(git/gh) operations.\n - Sanitization: No explicit sanitization of input code content is documented.
Audit Metadata