umb-review
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git diff,git log, andgh pr viewto retrieve information about the current branch and its changes. These operations are essential for the skill's intended purpose of code review. - [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection.
- Ingestion points: The agent is instructed to read and "internalize" instructions from repository-hosted files like
CLAUDE.mdand other documentation (Step 2b) to define its review criteria. - Boundary markers: There are no markers or instructions to treat repository content as untrusted; the agent adopts these conventions as authoritative.
- Capability inventory: The agent has the ability to execute shell commands using git and the GitHub CLI tools.
- Sanitization: The skill does not validate or sanitize the content read from the repository before using it to guide its logic.
Audit Metadata