review-fetch-phase
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
gitandgh(GitHub CLI) binaries using Node.jsspawnSyncto interact with the local repository and fetch remote PR data. All commands are invoked using the array-of-arguments form, which effectively prevents shell injection vulnerabilities by ensuring arguments are not interpreted by a shell.\n- [EXTERNAL_DOWNLOADS]: PR metadata, review threads, and comments are fetched from GitHub's GraphQL API via thegh apicommand. This communication is restricted to a well-known service (GitHub) and is central to the skill's documented purpose of PR review state acquisition.\n- [DATA_EXPOSURE]: The skill aggregates PR content and writes it to local files (review-state.json,review-state.md, etc.). It includes a dedicated guard script (guard-review-artifacts-ignored.mjs) that enforces these files remain untracked by git, preventing accidental exposure of fetched data in the repository history.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted text from PR comments and reviews. While this creates a potential surface for indirect prompt injection if the agent later reads these files, the skill implements basic sanitization (cell escaping in markdown tables) and its primary purpose is the structured retrieval of this data.
Audit Metadata