Skills
skills/aaaaqwq/agi-super-team/requesting-code-review/Gen Agent Trust Hub

requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The code-reviewer.md template interpolates {BASE_SHA} and {HEAD_SHA} directly into a bash command block. This presents a risk of command injection if these variables are populated with malicious shell metacharacters from untrusted sources rather than the output of git rev-parse as intended.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in code-reviewer.md.
  • Ingestion points: {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} placeholders in code-reviewer.md.
  • Boundary markers: None are used to delimit the external content from the subagent instructions.
  • Capability inventory: The subagent has the capability to execute shell commands (git diff) and write assessment reports.
  • Sanitization: No sanitization or validation of the interpolated data is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 06:59 AM