receiving-code-review

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides templates for using the GitHub CLI tool (gh api) to automate replies to pull request comments within the repository workflow.
  • [INDIRECT_PROMPT_INJECTION]: The skill establishes a protocol for processing external data (code review feedback), which is a common attack surface for indirect instructions.
  • Ingestion points: External code review comments and feedback from third-party reviewers (SKILL.md).
  • Boundary markers: Not explicitly defined in the provided text.
  • Capability inventory: Code implementation/modification and network operations via the gh command (SKILL.md).
  • Sanitization: Not present; the skill relies on the agent's skepticism and manual verification logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:10 AM
Security Audit — agent-trust-hub — receiving-code-review