auto-review

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of code diffs and repository file contents across multiple agent sub-tasks. This represents an indirect prompt injection attack surface where malicious code comments could attempt to influence the reviewer's findings.
  • Ingestion points: The workflow ingests output from shell commands (git diff) and file read operations in the Review and Verify phases.
  • Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions for the interpolated code content when passing it to sub-agents.
  • Capability inventory: The skill utilizes Read, Edit, and Bash tools, which could be leveraged if an injection successfully influences the agent's behavior.
  • Sanitization: The skill implements a sophisticated 'Adversarial Verify' stage in references/review-workflow.js. This phase uses independent skeptic agents to attempt to refute each finding against the actual code, acting as a structural filter against incorrect or malicious findings.
  • [COMMAND_EXECUTION]: The skill relies on shell commands (e.g., git diff, cat) executed via the Bash tool to perform its primary function of code auditing. The diffCmd parameter is passed into the workflow and executed by agents to fetch relevant code changes. This is standard behavior for development-oriented tools and is scoped to the repository context provided in the root argument.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:15 AM
Security Audit — agent-trust-hub — auto-review