requesting-code-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill creates a significant attack surface by ingesting untrusted content into a subagent's prompt. An attacker could embed malicious instructions within the source code being reviewed or the project requirements.
  • Ingestion points: The template code-reviewer.md interpolates {WHAT_WAS_IMPLEMENTED}, {PLAN_OR_REQUIREMENTS}, {DESCRIPTION}, and the output of git diff directly into the system instructions.
  • Boundary markers: None. There are no delimiters or 'ignore' instructions used to separate system instructions from the untrusted data being analyzed.
  • Capability inventory: The skill executes local shell commands (git rev-parse, git log, git diff). While the instructions show the subagent running these, the calling agent also performs command execution to populate the SHAs.
  • Sanitization: None detected. Content is interpolated directly into the prompt as raw text.
  • Command Execution (LOW): The skill relies on executing git commands on the local system. While these are standard for a code review tool, they represent an interaction with the local filesystem and shell environment that could be exploited if branch names or commit messages were crafted maliciously.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:46 AM