Skills
skills/majesticlabs-dev/majestic-marketplace/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands through the Bash tool to interact with the local environment. It runs git remote show to identify the default branch and uses git diff and gh pr diff to collect lists of changed files for review. These are standard operations for development-centric tools.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from local source code and external pull requests. This content is interpolated into prompts for sub-agents.
  • Ingestion points: Local project files (e.g., Gemfile, package.json) and pull request diffs obtained via the GitHub CLI.
  • Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the code being reviewed.
  • Capability inventory: The skill can execute shell commands (Bash) and invoke other agents (Task).
  • Sanitization: No explicit sanitization or validation of the ingested code content is performed prior to delegation to orchestrator agents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 05:40 AM