impl-peer-review

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git, compozy, and bash commands to compute diffs, run the peer review engine, and validate the output artifacts. These operations are restricted to the local environment and are essential for the skill's function as a developer utility.
  • [PROMPT_INJECTION]: The skill processes untrusted repository data, including git diffs and context files, by interpolating them into a prompt for a sub-agent. This is an indirect prompt injection surface.
  • Ingestion points: SKILL.md captures git diff output, git log summaries, and the contents of files specified via the --context flag or automatically discovered project rule files (e.g., CLAUDE.md, .cursorrules).
  • Boundary markers: The review prompt template in references/impl-review-prompt.md uses clear Markdown section headers and a 'SCOPED-WRITE CONTRACT' to isolate the instructions from the data being reviewed.
  • Capability inventory: The skill environment has access to the filesystem (to write logs and findings to the <out> directory) and can execute shell commands (git, compozy, bash).
  • Sanitization: No explicit sanitization or escaping of the diff content is performed before interpolation; however, the use of a dedicated --prompt-file flag when calling the review engine mitigates shell-level command injection risks from the diff data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 08:25 PM
Security Audit — agent-trust-hub — impl-peer-review