requesting-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes local
gitcommands (rev-parse,log,diff) to facilitate the code review process. These commands are used for their intended purpose of identifying and displaying code changes and do not involve shell injection or elevated privileges. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection due to how it handles external data. 1. Ingestion points: Untrusted content from commit messages, file diffs, and implementation descriptions is interpolated into the
code-reviewer.mdprompt template. 2. Boundary markers: The template lacks explicit delimiters or instructions to treat the code content as data rather than instructions. 3. Capability inventory: The agent has the ability to read repository contents via git and delegate further tasks using theteamstool. 4. Sanitization: No sanitization or escaping is performed on the code diffs or user descriptions before they are passed to the LLM.
Audit Metadata