Skills
skills/shipshitdev/library/receiving-code-review/Gen Agent Trust Hub

receiving-code-review

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from untrusted code review feedback.
  • Ingestion points: The agent is instructed to read incoming review feedback, including PR comments and notes, directly into its context (SKILL.md).
  • Boundary markers: Absent. There are no instructions to utilize delimiters or explicitly ignore potentially malicious instructions embedded within the feedback.
  • Capability inventory: The skill utilizes git and gh (GitHub CLI) for codebase verification and uses the gh api to post technical responses back to GitHub repositories (SKILL.md).
  • Sanitization: Absent. The content from reviewers is processed for technical evaluation and implementation without validation or sanitization routines.
  • [NO_CODE]: The skill does not contain any executable scripts or binaries; it consists entirely of descriptive markdown instructions and configuration metadata.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:13 PM
Security Audit — agent-trust-hub — receiving-code-review