review-code
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted code and diffs from external sources (PRs and commits), which creates a surface for indirect prompt injection where malicious code could influence the agent's behavior.
- Ingestion points: Code content is ingested via
gh pr diffandgit showinSKILL.md. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' markers when passing code to sub-agents.
- Capability inventory: The skill uses agents to perform file reading and pattern matching across the codebase to generate reports.
- Sanitization: There is no explicit sanitization or validation of the ingested code content before it is processed by the analysis agents.
Audit Metadata