Submit, amend, and review Gerrit changes using git-review CLI. Use when asked to submit a patchset, download a change, rebase a change request, check CR status, or manage code reviews in Gerrit.
Does it follow best practices? 92%
Impact: Pending. No eval scenarios have been run.
Advisory: Suggest reviewing before use.
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Third-party content exposure detected (high risk: 0.70). The skill's wrapper (scripts/gerrit.py, e.g., run_gerrit_query and format_change_summary) and SKILL.md/common-workflows explicitly fetch and parse Gerrit query results, including user comments and approvals, from a Gerrit server. That content is user-generated and untrusted, yet it is presented to the agent to read and to drive follow-up actions (e.g., the approve/submit automation shown in the workflows), so third-party content can influence agent decisions.