requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git diff,git log, andgit rev-parsecommands to identify code changes between commits. These operations are essential for the code review process and are used appropriately within the context of the skill.\n- [PROMPT_INJECTION]: Thecode-reviewer.mdtemplate ingests external documentation and task descriptions into the agent's prompt, creating a surface for indirect prompt injection.\n - Ingestion points: The
{DESCRIPTION}and{PLAN_REFERENCE}placeholders incode-reviewer.mdaccept external data.\n - Boundary markers: No explicit boundary markers or delimiters are used to isolate untrusted content.\n
- Capability inventory: The agent has the capability to execute shell commands via the
gitCLI.\n - Sanitization: There is no evidence of input sanitization or validation for the ingested fields.
Audit Metadata