requesting-code-review

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The template in code-reviewer.md incorporates variables ({BASE_SHA}, {HEAD_SHA}) directly into shell commands (git diff) that are executed by a subagent. If these variables are supplied by an untrusted source or manipulated to include shell metacharacters (e.g., ;, &&, |), it could lead to arbitrary command execution within the subagent's environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it requires the agent to read and evaluate code changes.
    • Ingestion points: The subagent ingests untrusted content from the codebase through the git diff output as defined in code-reviewer.md.
    • Boundary markers: While the template uses markdown code blocks to encapsulate the diff, it lacks clear instructions to the subagent to ignore instructions or logic embedded within the code comments or strings.
    • Capability inventory: The reviewer subagent is a general-purpose agent with the ability to execute shell commands and utilize system tools as specified in SKILL.md.
    • Sanitization: There is no evidence of sanitization or content filtering for the code being reviewed before it is passed to the subagent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 9, 2026, 03:33 AM