code-review
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses git commands like
git rev-parse,git diff, andgit ls-filesto identify the files and changes that need to be reviewed. This is standard behavior for a repository-based tool. - [COMMAND_EXECUTION]: During the verification phase or when the
--fixargument is used, the skill instructions include running project-specific tooling such as linters, formatters, and test runners. This involves executing commands against the local codebase as part of the intended review workflow. - [PROMPT_INJECTION]: The skill processes external, untrusted content (source code and git diffs) which presents a surface for indirect prompt injection. 1. Ingestion points: File contents and git diffs are read into the model's context in
SKILL.md(Workflow steps 1 and 4). 2. Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the code content as untrusted data or to ignore instructions embedded within it. 3. Capability inventory: The skill can execute shell commands (git, linters, tests) and modify files (using the--fixflag). 4. Sanitization: The skill does not perform any validation or sanitization on the code content before analysis.
Audit Metadata