Skills
skills/zzci/skills/pma-code-review/Gen Agent Trust Hub

pma-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute git and gh (GitHub CLI) commands. In agents/code-reviewer.md, it is instructed to run git diff, git log, gh pr view, gh pr diff, and gh pr review. These operations are standard for the tool's intended use case of analyzing code changes and providing feedback on pull requests.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it is designed to ingest and analyze untrusted data (code changes) which could contain malicious instructions aimed at the agent.
  • Ingestion points: Untrusted data enters the agent context through git diff, git log, and gh pr diff outputs, as well as file reading operations performed by the Read, Grep, and Glob tools as specified in agents/code-reviewer.md.
  • Boundary markers: The instructions do not define strict boundary markers (e.g., XML tags) or specific 'ignore instructions' warnings for the content being analyzed, relying on the 'senior reviewer' persona and the context of the diff.
  • Capability inventory: Across agents/code-reviewer.md, the skill possesses the capability to execute arbitrary shell commands via the Bash tool and write content to external services via gh pr review.
  • Sanitization: There is no explicit instruction to sanitize or escape the content ingested from the repository before it is interpolated into findings or potentially used as arguments in subsequent tool calls.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 10:33 PM
Security Audit — agent-trust-hub — pma-code-review