Skills
skills/prisma/prisma-next/github-review-iteration/Gen Agent Trust Hub

github-review-iteration

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Node.js spawnSync in scripts/review-iterate.mjs to execute local scripts from sibling directories for fetching PR state and triaging actions. It also instructs the agent to use the Bash tool for running these scripts directly.
  • [PROMPT_INJECTION]: The skill processes untrusted input in the form of GitHub PR comments, which creates a surface for indirect prompt injection where malicious instructions in comments could influence the agent's actions during the implementation phase.
  • Ingestion points: External review comments are fetched from GitHub via review-fetch-phase/scripts/fetch-review-state.mjs.
  • Boundary markers: None identified in the orchestrator instructions; handling of untrusted content is delegated to sub-agents.
  • Capability inventory: The skill and its scripts can execute local commands (spawnSync), perform GitHub API operations (gh api), and modify the local filesystem (mkdir).
  • Sanitization: No specific sanitization or filtering of PR comment content is implemented in the orchestration logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 05:56 AM