requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): Potential for indirect prompt injection via untrusted review data.
  1. Ingestion points: Placeholders {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, and {DESCRIPTION} in code-reviewer.md.
  2. Boundary markers: Absent; instructions and data are mixed without clear delimiters.
  3. Capability inventory: File system access and repository inspection via git diff, git log, and git rev-parse.
  4. Sanitization: Absent; external content is interpolated directly into the subagent prompt.
- Command Execution (SAFE): Executes standard git commands to retrieve commit hashes and diffs. These operations are restricted to the local repository and do not involve privilege escalation or network access.