code-review

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from external sources, which can lead to indirect instruction injection.
      • Ingestion points: The skill gathers unified diffs, pull request titles, pull request bodies, and linked issue references.
      • Boundary markers: There are no instructions provided to the agent to treat the ingested diff content as passive data or to ignore any natural language instructions embedded within the code or comments.
      • Capability inventory: The skill executes shell commands (git diff), performs network operations to fetch ticket context, and has the capability to modify the local filesystem when 'Fix Mode' is enabled.
      • Sanitization: No sanitization or validation of pull request descriptions or code comments is performed before the agent processes them as part of the review logic.
  • [DYNAMIC_EXECUTION]: The 'Fix Mode' feature generates code and applies it to the working environment.
      • Evidence: The instructions specify that when requested, the agent should "Apply fixes directly to the working tree," which involves the generation and writing of executable code based on its own analysis of the codebase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 10:43 AM