requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The code-reviewer.md template interpolates untrusted external data into the agent's instructions without clear delimiters.
      ◦ Ingestion points: Variable placeholders {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} in code-reviewer.md are populated with data that may be sourced from attacker-controlled PR descriptions or external documentation.
      ◦ Boundary markers: Absent. There are no delimiters (e.g., XML tags or backticks with warnings) to prevent the model from interpreting content inside these variables as instructions.
      ◦ Capability inventory: The subagent can execute shell commands (git diff) and generate reports that influence the main agent's workflow.
      ◦ Sanitization: Absent. The template assumes the content of these placeholders is purely descriptive.
  • [Command Execution] (LOW): The template includes shell commands that use interpolated variables which could be manipulated.
      ◦ Evidence: The commands git diff --stat {BASE_SHA}..{HEAD_SHA} and git diff {BASE_SHA}..{HEAD_SHA} in code-reviewer.md rely on the integrity of {BASE_SHA} and {HEAD_SHA}. If an attacker can influence these strings (e.g., via a malicious configuration or PR metadata), they could attempt command injection (e.g., ; malicious_command ;).
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM