code-review-expert
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local git and ripgrep (rg) commands (e.g., git diff, git log, rg) to inspect the repository and build context for reviews. These operations are well-scoped to the stated purpose of the tool.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted data from git diffs and codebase files. (1) Ingestion points: Context is built via git commands and code search in SKILL.md and review-flow.md. (2) Boundary markers: Absent; there are no specific delimiters to separate untrusted code from instructions. (3) Capability inventory: The agent can execute git/rg shell commands and read files. (4) Sanitization: Absent. This risk is inherent to the use case and is mitigated by the structured 'findings-first' output requirement.
- [SAFE]: No evidence of hardcoded credentials, remote code execution from untrusted sources, or obfuscation was detected across the skill's files.