Skills
skills/del-taiseiozaki/claude-code-orchestra/team-review/Gen Agent Trust Hub

team-review

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands, including git diff to gather changes and uv run pytest to check test coverage. Running tests involves executing the code being reviewed, which carries inherent risk if the code changes are malicious.
  • [COMMAND_EXECUTION]: The Quality Reviewer agent is instructed to use a codex exec CLI tool to analyze complex logic. This represents an additional command execution surface using an external utility.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data (git diffs and file content from implementation branches) and passes it directly to LLM agents (Security, Quality, and Test reviewers) without sufficient delimiters or instructions to ignore embedded commands. A malicious code change could potentially contain instructions that influence the reviewer agents' findings.
  • Ingestion points: Reads git diff output and file contents in Step 2.
  • Boundary markers: None; content is interpolated directly into prompts.
  • Capability inventory: File system access, git command execution, and test execution (pytest).
  • Sanitization: None; the agents process raw file content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 08:50 PM