review
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands, specifically `git diff origin/main...HEAD`, to extract code changes for the review process.
- [PROMPT_INJECTION]: The skill processes untrusted content from the repository (code changes and documentation) which presents an indirect prompt injection surface where malicious instructions in the code could influence the agent.
  - Ingestion points: Git diff output, spec files, plan files, `AGENTS.md`, and `CLAUDE.md` (specified in `SKILL.md`).
  - Boundary markers: Absent; the skill does not use delimiters to isolate untrusted data from instructions.
  - Capability inventory: The skill has the ability to execute shell commands (`git diff`) and spawn specialized subagents (`anti-overeng-reviewer`).
  - Sanitization: No sanitization or validation of the ingested content is specified.
Audit Metadata