skills/ecology9191/skills/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from the repository being reviewed.
  • Ingestion points: The skill reads data from git diff, commit messages (to find issue IDs), and various spec/standard files within the repository (e.g., docs/, specs/, .scratch/).
  • Boundary markers: Absent. The instructions for spawning sub-agents do not specify the use of delimiters or 'ignore embedded instructions' warnings when interpolating the diff or spec content into the sub-agent prompts.
  • Capability inventory: The skill uses the general-purpose sub-agent to process this untrusted data.
  • Sanitization: Absent. No filtering or sanitization of the retrieved diffs or spec files is performed before they are passed to the sub-agents.
  • [COMMAND_EXECUTION]: The skill executes several Git commands to facilitate the review process.
  • Evidence: Usage of git diff <fixed-point>...HEAD, git log <fixed-point>..HEAD --oneline, and git rev-parse <fixed-point> to compare code and verify references.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 10:18 PM
Security Audit — agent-trust-hub — code-review