Skills
skills/ibrahim-3d/orchestrator-supaconductor/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including git rev-parse, git log, and git diff to identify and retrieve code changes for analysis. These operations are essential for the skill's purpose.
  • [PROMPT_INJECTION]: The reviewer template in code-reviewer.md processes untrusted data in the form of code diffs, creating an indirect prompt injection surface.
  • Ingestion points: Code content and history retrieved via git diff and git log commands.
  • Boundary markers: The template uses markdown headers to separate sections, but it lacks specific delimiters or explicit instructions to ignore potentially malicious instructions embedded within the code diff text.
  • Capability inventory: The agent can execute git commands and dispatch subagents.
  • Sanitization: No sanitization or filtering of the code diff content is performed before the reviewer agent processes the data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 05:54 PM
Security Audit — agent-trust-hub — requesting-code-review