requesting-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface in code-reviewer.md. The template interpolates external content into the agent's system prompt.
  • Ingestion points: The variables {DESCRIPTION} and {PLAN_REFERENCE} in code-reviewer.md ingest data that may be controlled by an external actor or found within commit messages.
  • Boundary markers: The skill lacks explicit delimiters (like XML tags or clear boundaries) or 'ignore embedded instructions' warnings around the interpolated content, which may lead the agent to follow instructions found within the code changes or descriptions.
  • Capability inventory: The reviewing agent has the capability to execute git commands.
  • Sanitization: There is no evidence of sanitization or filtering of the input variables before they are interpolated into the prompt.
  • [COMMAND_EXECUTION]: Shell command interpolation risk in code-reviewer.md and SKILL.md.
  • The variables {BASE_SHA} and {HEAD_SHA} are used directly inside shell command blocks (e.g., git diff {BASE_SHA}..{HEAD_SHA}). If these variables contain shell metacharacters (like backticks or semicolons), it could lead to arbitrary command execution within the environment where the agent runs the git commands.
  • The examples in SKILL.md show the agent using git rev-parse and awk to generate these values, which reduces the risk if the agent strictly follows that logic, but the template itself does not enforce validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 09:56 AM