skills/utarn/engineer-skills/review/Gen Agent Trust Hub

review

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes git commands such as git diff, git log, and git rev-parse to identify and retrieve code changes. These are standard operations necessary for the skill's primary function of code review.
  • [PROMPT_INJECTION]: The skill processes untrusted data from git diffs and commit messages, which serves as a potential surface for indirect prompt injection.
    • Ingestion points: Content is ingested from git diff output, git log commit messages, and local project documents (SKILL.md).
    • Boundary markers: Absent; the instructions do not specify the use of delimiters to separate retrieved code or commit messages from the instructions provided to the sub-agents.
    • Capability inventory: The skill spawns sub-agents to perform analysis and reports findings back to the user.
    • Sanitization: Absent; the skill does not specify any sanitization or filtering of the code diffs or commit messages before they are processed by the sub-agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 20, 2026, 12:12 AM