Skills
skills/flc1125/skills/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local git commands such as git merge-base, git rev-parse, git log, and git diff to determine the scope of changes and extract the source code for review. These operations are standard for development workflows and are performed within the current repository context.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted data (git diffs and commit messages) from the repository. \n
  • Ingestion points: Untrusted code and commit descriptions are ingested via the git diff and git log commands specified in SKILL.md.\n
  • Boundary markers: The instructions do not define specific delimiters or security warnings to prevent the agent from following instructions embedded in the code diffs.\n
  • Capability inventory: The agent is restricted to git command execution and markdown reporting.\n
  • Sanitization: There is no evidence of input validation or sanitization for the data retrieved from git.\nWhile this surface exists, it is inherent to any tool designed for code analysis and review. The lack of high-privilege capabilities (such as arbitrary file writes or network access) significantly mitigates the risk of this exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 03:30 AM