cb-review
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes git commands such as
git diffandgit diff --cachedto identify changes. It also directs the agent to execute project-specific quality checks, including linters, type checkers, and tests, which is standard for a code review workflow. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface (Category 8) by processing untrusted data from modified source files.
- Ingestion points: According to Workflow Step 1 in
SKILL.md, the agent readsgit diffoutput and the full content of modified files. - Boundary markers: The instructions do not specify any delimiters or safety markers to distinguish untrusted code content from the agent's instructions.
- Capability inventory: The skill is capable of executing shell commands and generating structured review reports based on ingested data.
- Sanitization: No sanitization or validation of the ingested code content is performed before processing.
Audit Metadata