apm-review-panel
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Pull Request Context Processing (Indirect Prompt Injection Surface): The skill analyzes content from pull request titles, descriptions, and diffs. Ingestion points: Identified in SKILL.md where data is passed to specialized sub-agents. Capability inventory: Write access is strictly managed through specific output channels, while sub-agents are restricted to returning JSON. Sanitization: A mandatory schema gate validates all sub-agent returns before processing.
- Deterministic Verdict Calculation: The final decision is derived from a quantitative count of findings rather than an autonomous decision, preventing external content from directly influencing the merge status.
- Structured Output Contracts: The skill enforces a single-writer model and uses predefined templates, ensuring consistent feedback and preventing unauthorized repository modifications.
Audit Metadata