Skills
skills/shipshitdev/library/full-code-review/Gen Agent Trust Hub

full-code-review

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data (git diffs and PR metadata) and interpolates it directly into the prompts for its reviewer agents.
  • Ingestion points: The DIFF and CHANGED_FILES variables in scripts/full-code-review.js are populated with external repository content.
  • Boundary markers: The diff content is wrapped in markdown code blocks ("```diff"), which provide some structural separation but do not prevent an LLM from following instructions embedded within the diff.
  • Capability inventory: The skill orchestrates multiple LLM calls (agent()) and utilizes read-only shell commands via git and gh.
  • Sanitization: No explicit sanitization or instruction-filtering is applied to the diff content before it is passed to the reviewer models.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:13 PM
Security Audit — agent-trust-hub — full-code-review