code-review
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local Git commands such as git diff and git merge-base to identify and retrieve code changes for analysis. These commands are used for information gathering and do not pose a risk of unauthorized modification or data exfiltration.
- [SAFE]: All external references point to official engineering guidelines from trusted organizations including Google, Microsoft, and GitHub, providing reliable context for the review process.
- [SAFE]: The skill has an attack surface for indirect prompt injection as it processes untrusted code diffs. 1. Ingestion points: Code diffs retrieved via Git. 2. Boundary markers: Not explicitly defined for diff content. 3. Capability inventory: Local shell execution (Git) and file-write capabilities upon request. 4. Sanitization: None identified. The risk is minimal given the skill's instructional constraints and the requirement for explicit user approval before applying changes.
Audit Metadata