requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The subagent template in code-reviewer.md is susceptible to indirect prompt injection.
  • Ingestion points: Data from {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, {DESCRIPTION}, and {PLAN_REFERENCE} are interpolated into the prompt.
  • Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings around the interpolated content.
  • Capability inventory: The subagent is instructed to execute git diff shell commands and provide an assessment that influences the development workflow.
  • Sanitization: No sanitization or validation of the input strings is performed before interpolation.
  • [COMMAND_EXECUTION]: The code-reviewer.md file contains a shell script block that interpolates {BASE_SHA} and {HEAD_SHA} directly into git diff commands. If these variables are populated with malicious strings containing shell metacharacters (e.g., semicolons or ampersands), it could lead to arbitrary command execution within the agent's environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 12:35 AM