review-cycle
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates complex workflows by dynamically generating shell commands for file discovery (`find`), git operations (`git log`, `git checkout`, `git commit`), and test execution. These commands are derived from the repository's file structure and the results of the AI's own analysis.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an inherent attack surface for indirect prompt injection as it ingests and processes untrusted source code from the repository to perform reviews and suggest fixes.
  - Ingestion points: The skill reads file contents from the local file system (e.g., `src/**`, `lib/**`) and processes exported findings in JSON format.
  - Boundary markers: While it uses structured Markdown prompts to interact with subagents, it does not employ explicit delimiters or instructions to the subagents to disregard instructions that might be embedded in the code being analyzed (e.g., malicious comments).
  - Capability inventory: The orchestrator and its subagents have access to powerful tools including `Bash`, `Edit`, and `Write` for modifying the codebase and executing arbitrary commands during the fix phase.
  - Sanitization: No explicit sanitization or filtering of the ingested code content is performed before it is passed to the subagent prompts.
Audit Metadata