code-review
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [DYNAMIC_CONTEXT_INJECTION]: The skill uses the
!command`` syntax to capture repository information (git status, diffs, and logs) into the context at load time. These commands are limited to standard, non-destructive git operations necessary for code analysis. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of git diffs and commit messages.
- Ingestion points: Untrusted diff content and logs are ingested in
SKILL.mdand passed to sub-agents inWORKFLOW.md. - Boundary markers: Prompts utilize clear headers like
DIFF CONTENT:andCLAUDE.md FILES:to delimit data, though it lacks explicit instructions to ignore embedded commands within the diffs. - Capability inventory: The skill has capabilities to write files to the local filesystem and post comments to GitHub PRs via the
ghtool. - Sanitization: There is no explicit sanitization of the diff content, but the multi-agent 'Confidence Scoring' phase (Phase 3) acts as a high-signal filter to reduce noise and potential manipulation.
- [COMMAND_EXECUTION]: The skill orchestrates the execution of local development tools including
git,gh(GitHub CLI), and standard filesystem commands (mkdir). These operations are consistent with its stated purpose of reviewing code and managing reports.
Audit Metadata