impl-peer-review
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git,compozy, andbashcommands to compute diffs, run the peer review engine, and validate the output artifacts. These operations are restricted to the local environment and are essential for the skill's function as a developer utility. - [PROMPT_INJECTION]: The skill processes untrusted repository data, including git diffs and context files, by interpolating them into a prompt for a sub-agent. This is an indirect prompt injection surface.
- Ingestion points:
SKILL.mdcapturesgit diffoutput,git logsummaries, and the contents of files specified via the--contextflag or automatically discovered project rule files (e.g.,CLAUDE.md,.cursorrules). - Boundary markers: The review prompt template in
references/impl-review-prompt.mduses clear Markdown section headers and a 'SCOPED-WRITE CONTRACT' to isolate the instructions from the data being reviewed. - Capability inventory: The skill environment has access to the filesystem (to write logs and findings to the
<out>directory) and can execute shell commands (git,compozy,bash). - Sanitization: No explicit sanitization or escaping of the diff content is performed before interpolation; however, the use of a dedicated
--prompt-fileflag when calling the review engine mitigates shell-level command injection risks from the diff data.
Audit Metadata