Skills
skills/steipete/agent-scripts/github-deep-review/Gen Agent Trust Hub

github-deep-review

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including gh, git, and rg (ripgrep) to inspect repository state, view issues, and analyze pull request diffs. These operations are essential for the skill's purpose and are executed within the context of the repository being reviewed.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external sources, specifically GitHub issue bodies, PR comments, and source code. This creates a surface where maliciously crafted content in a PR or issue could attempt to influence the agent's analysis.
  • Ingestion points: Data is brought into the context via gh issue view, gh pr view, and gh pr diff commands.
  • Boundary markers: The skill does not explicitly define delimiters or 'ignore' instructions for the content it reads from GitHub.
  • Capability inventory: The agent has the capability to execute shell commands for repository interaction and navigate local file paths.
  • Sanitization: No explicit sanitization of the fetched GitHub content is performed before it is analyzed by the agent.
  • [DATA_EXPOSURE]: The skill references a specific local path (~/Projects/agent-scripts/skills/github-author-context/SKILL.md) to manage author-specific review logic. This is an internal reference to the author's own script environment and does not involve exfiltration of sensitive user data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 11:13 PM
Security Audit — agent-trust-hub — github-deep-review