code-review
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- External Data Processing (Indirect Prompt Injection): The skill is designed to analyze code diffs and repository content.
  * Ingestion points: Data is collected from git and gh tool outputs as specified in SKILL.md.
  * Boundary markers: The instructions do not currently use specific delimiters to isolate the code being reviewed from the agent's internal instructions.
  * Capability inventory: The skill uses git and gh for repository operations and has the ability to read local files.
  * Sanitization: No explicit sanitization is performed on the ingested code content before analysis.
- Command Integration: The skill uses standard utilities like git and gh with arguments derived from user input to perform its core functions.
- Contextual File Access: Accesses local project files and configuration documents (e.g., .editorconfig) to provide contextually accurate feedback and maintain stylistic consistency.
Audit Metadata