requesting-code-review
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes task descriptions and implementation requirements which are interpolated into a subagent's prompt without protective delimiters or sanitization. This creates a surface where malicious instructions in project metadata could attempt to influence the reviewer agent's evaluation.
  - Ingestion points: Variables `{WHAT_WAS_IMPLEMENTED}`, `{PLAN_OR_REQUIREMENTS}`, and `{DESCRIPTION}` in code-reviewer.md.
  - Boundary markers: Absent. The templates do not use markers like triple backticks or XML tags to isolate untrusted content from the system prompt.
  - Capability inventory: The subagent has the ability to execute shell commands (`git diff`).
  - Sanitization: No validation or escaping of the interpolated variables is performed.
- [COMMAND_EXECUTION]: The skill utilizes local shell commands (`git rev-parse`, `git log`, `git diff`) to identify and analyze code changes. These commands are used for their intended purpose in the code review process.