review-driven-development

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core workflow of processing untrusted external data.
      • Ingestion points: The skill reads issue descriptions from GitHub/GitLab (gh issue view, glab issue view in Phase 1) and full code diffs (git diff in Phase 5).
      • Boundary markers: Absent. External content from git diff is directly interpolated into command-line strings for sub-agents (e.g., claude -p "... $(git diff ...)").
      • Capability inventory: The skill possesses significant capabilities including creating PR/MRs (gh pr create), posting review comments with verdicts (gh api ... pulls/{NN}/reviews), and merging code (gh pr merge) in Phase 6.
      • Sanitization: Absent. No evidence of escaping or filtering content from issues or diffs before they are processed by the review sub-agents.
  • [COMMAND_EXECUTION]: The skill relies extensively on executing shell commands to interact with the environment and VCS platforms.
      • Evidence: Uses git, gh (GitHub CLI), glab (GitLab CLI), codex, and claude CLI tools to perform operations. While these are appropriate for the tool's purpose, they are invoked with data derived from external sources (issue numbers, branch names, diff content).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 11:15 AM