Skills
skills/bidah/react-native-hifi/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard version control commands to identify and extract code changes for analysis.
  • SKILL.md: Executes git rev-parse and git log to determine the start and end commit identifiers (SHAs) for the review range.
  • code-reviewer.md: Instructs the subagent to execute git diff --stat and git diff using the provided SHAs to inspect the modified code.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because the subagent processes untrusted external data (code changes and user-provided descriptions).
  • Ingestion points: External data enters the context via the git diff command output and the {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} placeholders in code-reviewer.md.
  • Boundary markers: The template uses markdown headers (e.g., ## Requirements/Plan) to separate sections, but lacks explicit instructions to ignore embedded commands within the code being reviewed.
  • Capability inventory: The subagent has the capability to execute git commands as specified in the template.
  • Sanitization: No explicit sanitization or validation of the commit range or placeholder content is implemented.
  • Assessment: This is a common and necessary pattern for automated code review tools; the risk is considered low within the intended scope of development workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 09:39 PM