code-review-action
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's core functionality is defined by an external GitHub Actions workflow hosted on a third-party repository (
OneRedOak/claude-code-workflows). This introduces a dependency on external code that is not from the primary vendor or a recognized service provider. - [PROMPT_INJECTION]: The skill acts on pull request content, which serves as a surface for indirect prompt injection.
- Ingestion points: Pull request diffs, descriptions, and comments processed during code review.
- Boundary markers: None identified; there are no specified delimiters to separate untrusted code from the agent's instructions.
- Capability inventory: The skill can post comments to GitHub pull requests and influence the workflow state by blocking merges.
- Sanitization: None identified; pull request content is analyzed without explicit evidence of sanitization or validation to prevent embedded instruction execution.
Audit Metadata