requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The template in code-reviewer.md is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted content through placeholders like {DESCRIPTION} and {PLAN_REFERENCE} without employing delimiters or instructions to ignore embedded commands. Malicious instructions contained within commit messages or requirements files could potentially influence the code-reviewer subagent's logic.
    • Ingestion points: code-reviewer.md via {DESCRIPTION}, {PLAN_REFERENCE}, and {WHAT_WAS_IMPLEMENTED}.
    • Boundary markers: Absent.
    • Capability inventory: The skill utilizes a bash tool to execute git commands and dispatches a subagent.
    • Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill constructs shell commands by directly interpolating variables {BASE_SHA} and {HEAD_SHA} into git diff calls within the code-reviewer.md template. If these variables are derived from untrusted metadata—such as branch names or task descriptions containing shell metacharacters—without prior validation or escaping, it presents a command injection risk in the environment where the agent operates.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:56 AM