requesting-code-review

Pass

Audited by Gen Agent Trust Hub on May 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from git diffs and source code into the subagent's context.
      • Ingestion points: Git diff output and source code content enter the agent context in the reviewer template (references/code-reviewer-template.md).
      • Boundary markers: The skill uses markdown headers as delimiters but lacks specific instructions to ignore adversarial text within the code diffs.
      • Capability inventory: The subagent performs code quality assessments and provides recommendations on production readiness.
      • Sanitization: No sanitization or escaping of the code content is performed before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 31, 2026, 12:09 AM