do-review

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it is designed to ingest and process untrusted data from GitHub pull request bodies, issue descriptions, and comment threads.
    • Ingestion points: PR metadata and comments are fetched via gh pr view and gh api (as seen in SKILL.md Phase 4 and references/review-workflow.md Phase 3).
    • Boundary markers: No explicit delimiters or 'ignore instructions' warnings are implemented in the data-fetching steps.
    • Capability inventory: The skill relies on shell command execution using gh and git for repository navigation and review submission.
    • Sanitization: No sanitization is performed on the ingested content, though the skill instructions guide the agent to verify all findings with code-level evidence.
  • [COMMAND_EXECUTION]: The skill uses gh and git to perform its intended tasks, including viewing diffs, checking out branches, and reading issues. These commands are documented in references/gh-cli-reference.md and represent standard, non-malicious usage of repository management tools.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:49 PM