deep-code-review
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes shell commands including
az rest,git show, andgrepto interact with the local repository and the Azure DevOps API. This is a primary function for retrieving code and reporting findings. - [EXTERNAL_DOWNLOADS]: Fetches pull request information and diffs from Azure DevOps (
dev.azure.com). This is a well-known service and the activity is part of the core code review workflow. - [DATA_EXFILTRATION]: Transmits code review findings to Azure DevOps PR comments. While this involves sending analysis of local source code to an external service, it targets a well-known platform as part of the user-initiated review process.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes untrusted data from code diffs.
- Ingestion points: Untrusted data enters the agent context via the
Review targetin Step 1, which includes PR diffs or repository files. - Boundary markers: The skill uses XML-style tags like
<review_context>to structure information, but lacks explicit warnings to ignore instructions embedded in the code being reviewed. - Capability inventory: The agent has the ability to execute shell commands and perform network operations via the
azCLI. - Sanitization: No explicit sanitization or filtering is performed on the ingested code content before analysis.
Audit Metadata