Skills
skills/notque/claude-code-toolkit/parallel-code-review/Gen Agent Trust Hub

parallel-code-review

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and processes content from external Git repositories and GitHub pull requests. Maliciously crafted instructions embedded in code comments or PR descriptions could potentially influence the behavior of the reviewer agents.
  • Ingestion points: The skill uses git diff and gh pr view to retrieve file paths and content from the local repository and GitHub.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when passing retrieved code content to the specialized sub-agents.
  • Capability inventory: The skill uses the Bash tool for repository metadata extraction and the Task tool to invoke and manage multiple concurrent reviewer agents.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested code or PR content before it is passed to the reviewer agents for analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 05:55 AM
Security Audit — agent-trust-hub — parallel-code-review