requesting-code-review
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The code-reviewer.md file contains shell command templates that directly interpolate variables {BASE_SHA} and {HEAD_SHA} into git diff commands. If an attacker provides malicious strings containing shell metacharacters as commit identifiers, arbitrary system commands could be executed.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It processes external data such as feature descriptions and project plans and interpolates them directly into the instructions for the review subagent.
- Ingestion points: code-reviewer.md ingests untrusted data via {DESCRIPTION} and {PLAN_REFERENCE}.
- Boundary markers: No delimiters or safety instructions are used to isolate user-provided content from the system instructions.
- Capability inventory: The subagent has the capability to execute shell commands (git).
- Sanitization: No input validation or sanitization is performed on the provided strings before shell interpolation.
Recommendations
- AI detected serious security threats
Audit Metadata