Skills
skills/shipshitdev/skills/full-code-review/Gen Agent Trust Hub

full-code-review

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability. The skill orchestrates a multi-agent review process that interpolates untrusted git diffs and PR metadata directly into agent prompts. An attacker could embed malicious instructions within a pull request to influence the review outcomes or subvert the analysis.
  • Ingestion points: DIFF and CHANGED_FILES variables in scripts/full-code-review.js are sourced from git diff and gh pr diff output.
  • Boundary markers: The content is wrapped in triple backticks, but the prompts lack specific "ignore embedded instructions" warnings for the processing agents.
  • Capability inventory: The skill uses git and gh CLI tools for repository operations.
  • Sanitization: No sanitization or filtering of the diff content is performed before it is passed to the AI models.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:27 PM
Security Audit — agent-trust-hub — full-code-review