Skills
skills/mgiovani/cc-arsenal/team-review/Gen Agent Trust Hub

team-review

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted code and pull request data, creating a surface for potential indirect prompt injection attacks where malicious instructions hidden in the code could influence agent behavior.\n
  • Ingestion points: Untrusted data is retrieved from pull request metadata and diffs using gh pr view and gh pr diff, and from commit content via git show (Phase 0 in SKILL.md).\n
  • Boundary markers: The instructions lack specific delimiters or instructions to treat the ingested code as untrusted data when passed to subagents.\n
  • Capability inventory: Reviewer subagents have access to powerful tools including Bash, Write, and Edit, which could be abused if an agent is successfully manipulated by untrusted code.\n
  • Sanitization: No validation or sanitization of the retrieved code is performed before analysis.\n- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform project discovery and retrieve source code data using common developer tools such as git, gh, grep, and ls-files (Phases 0 and 1 in SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 08:42 PM