review-fix-gemini

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and runs the @willbooster/agent-skills@latest package via bunx. This package is a vendor-owned resource from the skill author used to perform the review process.
  • [COMMAND_EXECUTION]: Executes shell commands to run the review tool and manage Git operations, including committing and pushing code changes to the repository.
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing external data as instructions.
    • Ingestion points: The agent ingests output from the review command as candidate comments for code modification (SKILL.md, Step 2).
    • Boundary markers: Absent. The skill does not implement delimiters or provide instructions to the agent to disregard commands embedded within the review tool output.
    • Capability inventory: The agent possesses the capability to modify any file within the project and push those changes to a remote repository (Steps 4 and 5).
    • Sanitization: Absent. No logic is present to validate, escape, or filter the content of the review comments before the agent applies them to the codebase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 12:49 AM