requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the git version control system.
  - Evidence: git rev-parse, git log, and git diff commands are used in SKILL.md and code-reviewer.md to identify commit ranges and extract code changes.
  - Risk: Input parameters such as {BASE_SHA} and {HEAD_SHA} are interpolated directly into shell command strings, which could be exploited if an attacker provides malicious branch names or commit references containing shell metacharacters.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes code content which is untrusted external data.
  - Ingestion points: The subagent reads the output of git diff via the code-reviewer.md template.
  - Boundary markers: The template uses Markdown headers to separate sections but lacks explicit delimiters or instructions to the AI to ignore instructions found within the diffed code.
  - Capability inventory: The agent has the capability to run shell commands (git).
  - Sanitization: There is no sanitization of the code content or the git metadata before it is presented to the AI reviewer.