skills/csark0812/toolbox/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through processed code diffs and PR metadata. Malicious instructions embedded in the code being reviewed could potentially influence the behavior of the council subagents. \n- [PROMPT_INJECTION]: Ingestion points: Diff content (interpolated in references/task-prompt-review.md) and PR descriptions (fetched via gh pr view in references/product-intent.md). \n- [PROMPT_INJECTION]: Boundary markers: The prompt templates in references/task-prompt-review.md do not utilize explicit delimiters or 'ignore embedded instructions' warnings when interpolating diff content. \n- [PROMPT_INJECTION]: Capability inventory: The skill executes shell commands (git, gh, bun) and spawns multiple subagents with specific lenses. \n- [PROMPT_INJECTION]: Sanitization: No sanitization or validation of the ingested diff or PR content is performed before interpolation into subagent prompts. \n- [COMMAND_EXECUTION]: The skill invokes several shell commands including git (diff, show), gh (pr view), and bun run (validation tasks). These are used for their intended purpose of retrieving code changes and performing quality checks within a development environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 05:26 PM
Security Audit — agent-trust-hub — code-review