Skills
skills/wubabalala/claude-skills/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool for Git operations, diff analysis, and applying 'Auto-Fix' suggestions. It also includes functional installation scripts (hooks/install.sh, hooks/install.ps1) and a Git pre-push hook which execute commands to manage the local Git configuration.
  • [EXTERNAL_DOWNLOADS]: The skill README and documentation reference the author's GitHub repository (github.com/Wubabalala/claude-skills) for project-specific updates and issue tracking.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it reads and follows instructions from .claude/review-checklist.md and architecture-traps.md files found within the target repository. An attacker who can commit to the repository could include malicious instructions in these files to influence the agent's review or bypass checks.
  • Ingestion points: architecture-traps.md, .claude/review-checklist.md, and repository code files.
  • Boundary markers: The skill lacks explicit system-level instructions or delimiters to isolate the agent from potentially malicious prompt injections within these project files.
  • Capability inventory: The agent has access to Bash, Write, Edit, Read, Grep, and Glob tools, providing a significant blast radius if an injection is successful.
  • Sanitization: No validation or sanitization of the logic inside the ingested configuration files is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 08:37 AM