interrogate

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local system commands including git diff to determine the review scope and uses codex exec or spawn-codex-worker to launch analysis sub-agents. These actions are fundamental to the tool's stated purpose of reviewing code.
  • [DATA_EXFILTRATION]: The skill accesses repository history and file contents to provide context to the reviewers. This data is used within the agent's workflow to generate the review verdict.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted code from the repository and includes it in prompts sent to sub-agent reviewers.
  • Ingestion points: SKILL.md (Step 1) reads repository diffs and file contents.
  • Boundary markers: references/reviewer-prompt.md uses markdown headers to delineate the code under review but lacks explicit instructions to the sub-agent to ignore any instructions embedded within that code.
  • Capability inventory: The skill can execute CLI tools and present synthesized results to the user.
  • Sanitization: No specific sanitization or escaping of the ingested code is performed before it is placed in the reviewer templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 04:46 PM