reviewing-code
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external content. An attacker could embed instructions within a code diff or pull request description to manipulate the agent's review output.
- Ingestion points:
SKILL.mdspecifies that the agent should infer intent and review content from user requests, diffs, issues, and PR/MR descriptions. - Boundary markers: The instructions do not define clear delimiters or use specialized prompts to isolate the external code content from the operational instructions.
- Capability inventory: The skill does not explicitly invoke shell commands or network tools, but it operates within an agent context that may have such tools available.
- Sanitization: There is no requirement or logic for sanitizing or escaping the content being reviewed before it is processed by the agent.
Audit Metadata