code-review

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git commands like git rev-parse, git diff, and git ls-files to identify the files and changes that need to be reviewed. This is standard behavior for a repository-based tool.
  • [COMMAND_EXECUTION]: During the verification phase or when the --fix argument is used, the skill instructions include running project-specific tooling such as linters, formatters, and test runners. This involves executing commands against the local codebase as part of the intended review workflow.
  • [PROMPT_INJECTION]: The skill processes external, untrusted content (source code and git diffs) which presents a surface for indirect prompt injection. 1. Ingestion points: File contents and git diffs are read into the model's context in SKILL.md (Workflow steps 1 and 4). 2. Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the code content as untrusted data or to ignore instructions embedded within it. 3. Capability inventory: The skill can execute shell commands (git, linters, tests) and modify files (using the --fix flag). 4. Sanitization: The skill does not perform any validation or sanitization on the code content before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 09:34 AM
Security Audit — agent-trust-hub — code-review