code-review

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external sources, specifically code changes and documentation, which creates an attack surface for indirect prompt injection where instructions could be hidden in code comments or documentation.
  • Ingestion points: Analyzes pull request changes and reads documentation from paths such as docs/features/ or specs/.
  • Boundary markers: The instructions do not include specific delimiters or directives to the AI to disregard instructions embedded within the analyzed code content.
  • Capability inventory: The AI generates summaries and prioritizes issues based on the ingested content, though it lacks direct automated execution capabilities within this skill.
  • Sanitization: No sanitization or validation is performed on the input code or documentation files.
  • [COMMAND_EXECUTION]: The skill provides a shell script template (post-review.sh) and suggests that the user apply executable permissions via chmod +x. While this is a standard developer workflow for using the GitHub CLI (gh), it involves the creation and execution of local shell scripts based on AI-generated content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 02:14 AM
Security Audit — agent-trust-hub — code-review