code-review

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Category: COMMAND_EXECUTION

Full Analysis
  • COMMAND_EXECUTION (SAFE): The skill explicitly instructs the agent to use command-line tools such as git rev-parse, git log, and grep to analyze code changes and status. It also mandates running project-specific build and test commands as 'Verification Gates'. These operations are intrinsic to the skill's purpose of code review and quality assurance.
  • PROMPT_INJECTION (SAFE): The instructions use highly prescriptive and authoritative language (e.g., 'The Iron Law', 'Forbidden Responses', 'Non-negotiable'). While these resemble techniques used in prompt injection to override system constraints, they are applied here to enforce technical rigor, prevent 'hallucinated' completion claims, and avoid performative behavior (social politeness). This is an alignment strategy for the coding persona rather than a safety bypass.
  • DATA_EXPOSURE (SAFE): The skill processes git metadata (commit SHAs) and codebase content (via grep). No evidence was found of accessing sensitive files like .env, SSH keys, or cloud credentials.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill has a surface for indirect injection (Category 8) because it processes feedback from 'External Reviewers'. However, it includes explicit guardrails requiring the agent to be skeptical, verify suggestions technically, and check for breakage before implementation, effectively mitigating the risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 01:09 AM