code-review
Pass
Audited by Gen Agent Trust Hub on Jul 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from the repository being reviewed.
- Ingestion points: The skill reads data from
git diff, commit messages (to find issue IDs), and various spec/standard files within the repository (e.g.,docs/,specs/,.scratch/). - Boundary markers: Absent. The instructions for spawning sub-agents do not specify the use of delimiters or 'ignore embedded instructions' warnings when interpolating the diff or spec content into the sub-agent prompts.
- Capability inventory: The skill uses the
general-purposesub-agent to process this untrusted data. - Sanitization: Absent. No filtering or sanitization of the retrieved diffs or spec files is performed before they are passed to the sub-agents.
- [COMMAND_EXECUTION]: The skill executes several Git commands to facilitate the review process.
- Evidence: Usage of
git diff <fixed-point>...HEAD,git log <fixed-point>..HEAD --oneline, andgit rev-parse <fixed-point>to compare code and verify references.
Audit Metadata