change-review-agent
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local git commands (
git status,git diff) and discovery utilities (rg,find,ls) to gather context for a code review. These operations are read-only and align with the skill's primary function. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted data (local code changes) for analysis.
- Ingestion points: The workflow reads file contents and git diff output in
SKILL.md. - Boundary markers: The sub-agent prompt template uses variable placeholders for code content but does not include explicit delimiters or instructions to ignore commands embedded within the code changes.
- Capability inventory: The skill is restricted to read-only tools like
git,rg, andfindas defined inSKILL.md. - Sanitization: There is no evidence of escaping or validation performed on the code content before it is passed to the sub-agent.
Audit Metadata