git-code-review
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill is designed to run a local script that executes git commands using user-provided parameters like usernames. There is a significant risk of command injection if these parameters are not sanitized before being passed to a shell (e.g., a username like '; rm -rf /').
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) by processing untrusted commit messages and diffs. Ingestion points: Git commit history and code diffs. Boundary markers: None identified; no delimiters isolate the commit content from agent instructions. Capability inventory: Subprocess execution of git and local file-writing to the .claude directory. Sanitization: None documented; malicious commit data could potentially influence agent behavior.
- NO_CODE (LOW): The main logic resides in
git_code_review.py, which is referenced but not included in the provided skill files, preventing a full security audit of the execution logic.
Audit Metadata