requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local git commands, including git rev-parse and git diff, to identify code changes between commits. These commands use variable interpolation for commit SHAs; while this presents a theoretical shell injection surface if SHAs were sourced from untrusted user input, the skill's instructions guide the agent to generate these values locally via trusted git commands.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Since the code-reviewer subagent processes raw code changes, an attacker could embed malicious instructions within code comments or documentation (e.g., instructions telling the agent to ignore security flaws or mark the review as 'Ready to merge') to influence the subagent's assessment.
    • Ingestion points: code-reviewer.md ingests git diff output into the subagent context via the {BASE_SHA}..{HEAD_SHA} range.
    • Boundary markers: None. The code content is provided directly to the subagent without delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill executes shell-based git commands to fetch and display repository data.
    • Sanitization: None. The content of the git diff is processed as-is.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 02:19 AM
Security Audit — agent-trust-hub — requesting-code-review