peer-review

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Executes git and GitHub CLI tools (git, gh) to fetch code differences and pull request metadata. Arguments such as branch names and PR numbers are strictly validated using regular expressions to prevent command injection.
  • [EXTERNAL_DOWNLOADS]: Refers to well-known CLI tools (@github/copilot-cli, @openai/codex, @google/gemini-cli) from established organizations for optional external review functionality.
  • [DATA_EXFILTRATION]: Sends source code and diffs to external LLM providers (GitHub, OpenAI, Google) when configured. The skill includes a clear warning that it does not automatically redact secrets from the data it transmits.
  • [PROMPT_INJECTION]: Processes untrusted data from git diffs and files that could contain malicious instructions designed to influence the agent's behavior.
      • Ingestion points: Source code files and git diff outputs (SKILL.md).
      • Boundary markers: Employs <untrusted_diff> and <untrusted_files> XML-style tags and explicit instructions to ensure the reviewer ignores embedded directives.
      • Capability inventory: Executes subprocesses for git/gh and uses the Edit tool to modify local files (SKILL.md).
      • Sanitization: Validates pull request IDs as positive integers and branch names using a restricted character set (A-Z, 0-9, ., _, /, -).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 11:50 AM