Skills
skills/block/goose/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell operations to establish a baseline and conduct reviews. It executes git for diffing and status checks, cargo (clippy and fmt) for Rust linting, pnpm for UI linting, and runs a local repository script ./scripts/check-openapi-schema.sh.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted data (source code changes) that could contain malicious instructions.
  • Ingestion points: Reads code changes via git diff main...HEAD in the 'Conduct Review' step.
  • Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore instructions embedded within the code diffs being reviewed.
  • Capability inventory: The agent can execute shell commands (git, cargo, pnpm, scripts) and modify local files (during the 'Fix Issues' step).
  • Sanitization: Absent. Code content is processed directly for review purposes without escaping or sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 08:08 PM