skills/ngmeyer/skills/council-review/Gen Agent Trust Hub

council-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes well-known tools such as git and the GitHub CLI (gh) to gather necessary context for reviews (e.g., git logs and pull request descriptions). This is standard functionality for the skill's intended purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data, such as PR descriptions and file contents, which represents a common surface for indirect prompt injection. This is addressed through structural mitigation:
  • Ingestion points: SKILL.md Step 0 reads local files and PR substance.
  • Boundary markers: Step 1 frames this content within clear headers (QUESTION, CONTEXT) and uses delimiters (---) to separate data from instructions.
  • Capability inventory: The skill uses internal Agent tool calls and read operations.
  • Sanitization: Instructions explicitly warn advisor agents not to defer to expected answers or implied framing, which acts as a behavioral guardrail against injection and sycophancy.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 11:36 AM