code-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/review_diff.py uses subprocess.run to execute local git commands, including git diff and git rev-parse. This allows the tool to automate the extraction of changes for review.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from git diffs which may contain malicious instructions embedded by external contributors.
  1. Ingestion points: scripts/review_diff.py reads data directly from the output of git diff.
  2. Boundary markers: The script interpolates raw diff content into a markdown report without using clear delimiters or security warnings for the AI agent.
  3. Capability inventory: The skill has the capability to execute git via subprocess and write files to the local file system (defaulting to /tmp/review.md).
  4. Sanitization: There is no validation or sanitization of the content retrieved from the diff before it is processed by the agent.
Audit Metadata