code-reviewer
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git CLI commands to gather repository state and generate code patches.
  - Evidence: The `scripts/prepare_review_bundle.py` script contains functions `run_git` and `git_output` which invoke `subprocess.run` to call `git rev-parse`, `git status`, and `git diff`.
  - Context: These calls are implemented using a list of arguments rather than a single shell string, which is a secure pattern that prevents command injection via repository names or branch references.
- [PROMPT_INJECTION]: The skill facilitates an 'Isolated Review' workflow that is susceptible to indirect prompt injection.
  - Ingestion points: The `scripts/prepare_review_bundle.py` script aggregates content from the Git working tree, user-provided request files, and writer summaries into a bundle directory.
  - Boundary markers: The `reviewer-prompt.md` template and `references/isolation-protocol.md` lack robust boundary delimiters or explicit instructions for the reviewer agent to ignore potential instructions embedded within the code diffs or summaries.
  - Capability inventory: The skill is configured with powerful tools including `Write`, `Edit`, and `Bash`. If an agent is successfully manipulated by a malicious payload in a code diff, it could use these tools to perform unauthorized actions.
  - Sanitization: There is no evidence of sanitization or filtering of the content being bundled for review.
Audit Metadata