code-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Git commands (diff, log) through a Python script (`scripts/review_checklist.py`) and direct shell instructions in `SKILL.md` to retrieve repository metadata and code changes for review.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted code changes from pull requests which could contain malicious instructions designed to influence the agent's review verdict.
  - Ingestion points: Untrusted code data enters the context via `git diff` commands in `SKILL.md` and the `get_diff` function in `scripts/review_checklist.py`.
  - Boundary markers: The skill uses standard Markdown code blocks to wrap diffs but lacks explicit instructions for the agent to ignore or disregard natural language commands embedded within the code being reviewed.
  - Capability inventory: The skill has access to `Bash`, `Read`, `Grep`, `WebFetch`, and `WebSearch` tools, which could be leveraged if an indirect injection is successful.
  - Sanitization: No content sanitization or filtering is performed on the diff output before it is presented to the agent for analysis.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and security guidelines from trusted and well-known sources, including OWASP and Google's Engineering Practices.
Audit Metadata