review
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected.
- [DATA_EXPOSURE]: The skill reads local repository data, including git diffs, commit logs, and documentation files (e.g.,
CODING_STANDARDS.md,CONTRIBUTING.md, and specification files). This data access is restricted to the local environment and is essential for the skill's code review functionality. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external, potentially untrusted content such as code diffs and issue descriptions.
- Ingestion points: Untrusted data enters the agent context via
git diffoutput and external specification files fetched from issue trackers or local documentation paths. - Boundary markers: The prompts for the sub-agents do not implement explicit delimiters or instructions to ignore embedded commands within the analyzed diffs or specifications.
- Capability inventory: The skill utilizes git commands and the
Agenttool to spawn sub-agents with general-purpose capabilities. - Sanitization: There is no evidence of sanitization or filtering of the diff content or specification text before it is presented to the sub-agents for analysis.
- Note: This surface is inherent to the primary purpose of a code review tool and does not indicate malicious intent.
Audit Metadata