tasks-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection because it ingests and processes untrusted source code during its review workflow.
- Ingestion points: Untrusted data enters the agent context via git diff outputs and file reading operations within SKILL.md.
- Boundary markers: Absent; there are no specific markers or system instructions provided to ensure the agent ignores or isolates instructions that might be embedded in code comments or strings.
- Capability inventory: The skill has access to sensitive tools including Bash, Write, Edit, and Task, which could be misused if an injection attack succeeds.
- Sanitization: The skill does not perform any validation or sanitization of the external code content before analysis.
Audit Metadata