skills/rube-de/cc-skills/ci-review/Gen Agent Trust Hub

ci-review

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from pull request diffs and comments.
      • Ingestion points: PR content is retrieved via gh pr diff and gh pr view in SKILL.md (Step 3).
      • Boundary markers: The skill uses markdown headers (e.g., ## PR Diff) to separate data but lacks explicit instructions to the agents to ignore potential instructions embedded within the ingested code or comments.
      • Capability inventory: The skill uses the Agent tool for task delegation and Bash for privileged operations like gh api calls.
      • Sanitization: No sanitization or escaping of the ingested external content is performed before interpolation into prompts.
  • [COMMAND_EXECUTION]: The skill uses Bash to execute multiple commands using the gh (GitHub CLI) and jq tools for reading PR data and posting reviews. It also references an external script at ../../scripts/fetch-pr-comments.sh.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 05:28 AM