Skills
skills/ericgrill/agents-skills-plugins/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and templates utilize shell commands such as git rev-parse, git log, and git diff to manage commit hashes and extract code changes for review. These are standard operations for a development-focused tool.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present in the review workflow.
  • Ingestion points: The code-reviewer.md template instructs the subagent to process the output of git diff, which contains raw code from the project.
  • Boundary markers: The subagent instructions lack explicit delimiters or clear directives to disregard any natural language instructions that might be embedded within the code diff being reviewed.
  • Capability inventory: The skill allows the agent to execute shell commands (git) and generate analysis reports based on external file content.
  • Sanitization: There is no evidence of sanitization or validation for the git diff output or the SHA variables before they are interpolated into commands or provided to the subagent for reasoning.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 01:27 AM