review-changes

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill interpolates user-supplied input ($ARGUMENTS) directly into the prompt for a subagent without sanitization or delimiters. An attacker providing malicious flags or text could potentially influence the subagent's behavior.
  • [PROMPT_INJECTION]: The skill processes external data (PR changes, commit history) which are untrusted ingestion points.
  • Ingestion points: The $ARGUMENTS variable in SKILL.md and the PR/branch content being reviewed.
  • Boundary markers: None present; the external data and user arguments are not enclosed in delimiters to prevent them from being interpreted as instructions.
  • Capability inventory: The skill has the capability to perform 'auto-fixes' (filesystem writes) and propose PR comments (GitHub API interactions).
  • Sanitization: No evidence of sanitization or validation of the input before it is passed to the reviewer agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 02:23 PM