interrogate
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands including
git diffto determine the review scope and usescodex execorspawn-codex-workerto launch analysis sub-agents. These actions are fundamental to the tool's stated purpose of reviewing code. - [DATA_EXFILTRATION]: The skill accesses repository history and file contents to provide context to the reviewers. This data is used within the agent's workflow to generate the review verdict.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted code from the repository and includes it in prompts sent to sub-agent reviewers.
- Ingestion points:
SKILL.md(Step 1) reads repository diffs and file contents. - Boundary markers:
references/reviewer-prompt.mduses markdown headers to delineate the code under review but lacks explicit instructions to the sub-agent to ignore any instructions embedded within that code. - Capability inventory: The skill can execute CLI tools and present synthesized results to the user.
- Sanitization: No specific sanitization or escaping of the ingested code is performed before it is placed in the reviewer templates.
Audit Metadata