review-fix-claude
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the '@willbooster/agent-skills' package from the npm registry via 'bunx'. This is a resource provided by the skill's author for performing code reviews.
- [COMMAND_EXECUTION]: Runs shell commands to execute the review tool and perform git operations including 'git commit' and 'git push' to update the repository.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because the agent is instructed to act upon the output generated by the external review tool.
  - Ingestion points: Output from 'bunx @willbooster/agent-skills@latest review' in SKILL.md.
  - Boundary markers: Absent; the instructions do not define specific delimiters to isolate the tool's output from the agent's instructions.
  - Capability inventory: The skill utilizes file system write access and git commands (commit and push) as defined in SKILL.md.
  - Sanitization: Absent; the workflow relies on the agent's own assessment to verify whether the review comments are valid before applying them.
Audit Metadata