review-feedback
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard `git` commands (log, diff, status) and `gh` CLI commands to interact with the repository and manage Pull Request feedback. These operations are performed within the local repository context to reconstruct ground truth and post thread replies.
- [EXTERNAL_DOWNLOADS]: The skill fetches Pull Request comments, reviews, and discussion data from the official GitHub API via the `gh` tool. These network operations are limited to the target repository's GitHub domain and are necessary for the skill's primary function.
- [PROMPT_INJECTION]: The skill anticipates indirect prompt injection from external review comments (e.g., bot suggestions or human PR comments). It mitigates this by enforcing a 'verify-before-implement' policy and dispatching a separate Explore subagent with a self-contained prompt to provide an independent, unbiased evaluation of the feedback.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Data handling is restricted to reading from and writing to the repository's GitHub PR channel and local markdown files.
Audit Metadata