Skills
skills/openhands/extensions/learn-from-code-review/Gen Agent Trust Hub

learn-from-code-review

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from GitHub pull request comments and review bodies to generate new repository skills and guidelines. This creates a surface for indirect prompt injection, where a malicious comment could potentially influence the resulting generated content.\n
  • Ingestion points: PR comments and review bodies fetched via the GitHub API in SKILL.md (Step 2).\n
  • Boundary markers: No explicit delimitation or instruction-ignoring markers are used during processing.\n
  • Capability inventory: The skill has the capability to write files to the .openhands/skills/ directory and update AGENTS.md, and can create draft pull requests using the create_pr tool.\n
  • Sanitization: The workflow includes filtering for signal quality (length, bot exclusion) but does not specifically sanitize for prompt injection patterns.\n- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to perform repository operations. These commands are constructed using project-specific identifiers and do not expose the environment to arbitrary shell injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:58 PM
Security Audit — agent-trust-hub — learn-from-code-review