requesting-code-review
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the local git repository. \n
- Evidence: SKILL.md and code-reviewer.md contain instructions to run git rev-parse, git log, and git diff to determine the range of changes for review. \n
- Context: These commands are essential for identifying the code changes that need to be reviewed. \n- [PROMPT_INJECTION]: The skill ingests untrusted data from implementation plans and requirements into the agent's context. \n
- Ingestion points: External data is passed through placeholders such as {PLAN_OR_REQUIREMENTS} and {WHAT_WAS_IMPLEMENTED} within code-reviewer.md. \n
- Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard instructions that might be embedded in the requirement files or implementation summaries. \n
- Capability inventory: The sub-agent is authorized to perform git operations and analysis on the local codebase. \n
- Sanitization: There is no evidence of sanitization or filtering for the external content before it is interpolated into the agent prompt.
Audit Metadata