requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill primarily serves as a process guide for using a code-reviewer subagent. It does not contain any malicious scripts or commands.
- [Indirect Prompt Injection] (LOW): The skill defines a surface for processing untrusted data (git commit history and user-provided code descriptions) which is then passed to another subagent. While this creates a potential vector for indirect prompt injection if the code under review contains adversarial instructions, the risk is inherent to the task of code review and is mitigated by the modular subagent architecture.
- Ingestion points: Git SHAs and developer descriptions (SKILL.md).
- Boundary markers: None explicitly defined in this instructional file.
- Capability inventory: Triggers the superpowers:code-reviewer task.
- Sanitization: Not observed in this process documentation.
Audit Metadata