requesting-code-review

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The file code-reviewer.md contains a shell command template (git diff {BASE_SHA}..{HEAD_SHA}) that interpolates variables. If these variables are populated with untrusted input (e.g., from a pull request description or a malicious configuration), it could allow an attacker to execute arbitrary commands on the system.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). It ingests and processes code diffs and descriptions without sanitization or boundary markers, meaning malicious instructions embedded in the code being reviewed could influence the subagent's behavior.
  • Evidence Chain (Category 8):
      • Ingestion points: Content from {DESCRIPTION}, {PLAN_REFERENCE}, and the output of the git diff command are directly interpolated into the subagent prompt.
      • Boundary markers: Absent; no delimiters (such as XML tags or triple quotes) or 'ignore' instructions are used to wrap the untrusted code content.
      • Capability inventory: The subagent can run shell commands via git and report back status.
      • Sanitization: None; the content is passed directly to the model.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 01:23 PM