code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external data (source code and git diffs) without sufficient isolation or sanitization.
  - Ingestion points: Git diff output from shell commands and direct reading of source files (e.g., `src/auth.js`).
  - Boundary markers: Absent. There are no instructions or delimiters defined to help the agent distinguish between its system instructions and the content of the code being reviewed.
  - Capability inventory: Shell command execution (git) and local file system read access.
  - Sanitization: Absent. The skill does not provide any logic to sanitize or escape instructions that may be hidden in code comments or strings within the files.
- COMMAND_EXECUTION (LOW): The skill relies on executing shell commands such as `git diff` to perform its primary function. While necessary for code analysis, this provides a surface for command-related issues if the input to the command were to be influenced by untrusted sources.
  - Evidence: SKILL.md explicitly instructs the agent to run `git diff $(git merge-base HEAD main)..HEAD`.