comprehensive-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system commands including gh, git, mkdir, and date to retrieve repository data and document findings. These operations are essential for its primary function of code review.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted content from pull request diffs and descriptions. This external data is interpolated into prompts for sub-agents without sufficient boundary markers or sanitization.
      • Ingestion points: Pull request metadata via gh pr view, and code differences via gh pr diff and git diff, recorded in context.json and diff.txt respectively.
      • Boundary markers: Absent. The prompt templates for individual reviewers (e.g., the "Individual Reviewer Prompt Template") lack explicit delimiters or instructions to disregard embedded commands within the {DIFF} or {PR title} fields.
      • Capability inventory: The skill can perform file writes to the local .reviews/ directory, post comments to GitHub pull requests via gh pr comment, and initiate additional sub-agent tasks using the Task() call.
      • Sanitization: No validation or sanitization is performed on the ingested code or descriptions before they are processed by the LLM.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 27, 2026, 08:48 AM