auto-review
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of code diffs and repository file contents across multiple agent sub-tasks. This represents an indirect prompt injection attack surface where malicious code comments could attempt to influence the reviewer's findings.
- Ingestion points: The workflow ingests output from shell commands (
git diff) and file read operations in theReviewandVerifyphases. - Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions for the interpolated code content when passing it to sub-agents.
- Capability inventory: The skill utilizes
Read,Edit, andBashtools, which could be leveraged if an injection successfully influences the agent's behavior. - Sanitization: The skill implements a sophisticated 'Adversarial Verify' stage in
references/review-workflow.js. This phase uses independent skeptic agents to attempt to refute each finding against the actual code, acting as a structural filter against incorrect or malicious findings. - [COMMAND_EXECUTION]: The skill relies on shell commands (e.g.,
git diff,cat) executed via theBashtool to perform its primary function of code auditing. ThediffCmdparameter is passed into the workflow and executed by agents to fetch relevant code changes. This is standard behavior for development-oriented tools and is scoped to the repository context provided in therootargument.
Audit Metadata